Hi! I am hosting a modded Minecraft server (1.16) on my home PC, and started seeing Malwarebytes detect and block Exploit.JavaMaliciousInboundSocket every time a specific friend tried to join the server. We tried a couple of things. He reinstalled Java, connected via direct connect, and for a little while he could join without Malwarebytes shutting down the server. Then it started happening again. I tried hosting a vanilla 1.19 server, and he connected just fine without Malwarebytes doing anything. My theory right now is it has something to do with Java 8 that isn't in Java 17 (if I am understanding Minecraft Java versions correctly). My friend uses Webroot as his antivirus. He also downloaded Malwarebytes Free and did a scan which didn't find anything. I have another friend who has connected to the modded server just fine with no issues. And yeah, two friends isn't a great sample size.
I am hoping someone can help me figure out what exactly is going on. Is my friend compromised? Are older Minecraft servers a bad idea because they are on an older version of Java? Is there simply something weird happening? I have seen a few forum topics on this exploit, so I have attached the Malwarebytes Support Tool log as I have seen requested in all of those.
Log of the most recent event:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 6/25/23
Protection Event Time: 2:23 PM
Log File: b96aa488-138d-11ee-a936-d85ed3d4bd25.json
-Software Information-
Version: 4.5.30.269
Components Version: 1.0.2037
Update Package Version: 1.0.71502
License: Premium
-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Exploit.JavaMaliciousInboundSocket, , Blocked, 150, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: Java
Protection Layer: Application Behavior Protection
Protection Technique: Java malicious inbound socket detected
File Name:
URL:
(end)
mbst-grab-results.zip