Multiple CurseForge and Bukkit projects have been compromised with self-replicating malware, prompting many groups to advise against downloading or updating mods, modpacks, or plugins from these platforms. The malware is stealing sensitive information, including browser saved passwords, and is unlikely to be detected by anti-malware software. If infected, it is recommended to remove the virus and change all passwords immediately. The affected accounts have two-factor authentication enabled, hinting at a bigger issue with auth token compromise or a larger cyberattack on the platform. Several popular mods and modpacks, including Dungeons Arise and Sky Villages, have already been updated with malicious files.
https://prismlauncher.org/news/cf-compromised-alert/