Hackers used the popular Minecraft modding platforms Bukkit and CurseForge to distribute a new 'Fractureiser' information-stealing malware through uploaded modifications and by injecting malicious code into existing projects.
That's pretty interesting, but it's also unfortunate for the people who got infected. Maybe requiring the JAR files to be signed by the authors help mitigate this type of attack.