The Cities: Skylines community has warned players of the Paradox Interactive game that malware was discovered in several fairly popular mods.
In a post on Reddit, all gamers are urged to check their computers for possible infection after it was discovered that mods “redesigned” by a modder called Chaos included an obscure malware installer.
Apparently, this installer also introduced unauthorized mods onto the computer and caused mods not created by Chaos to malfunction. In total, an estimated 35,000 users have been affected.
An article published in the Cities: Skylines subreddit notes that malicious code has been discovered in mods released by an author using the names Holy Water and Chaos. These mods are “forks” (modified and repeated versions) of popular mods by known creators (such as Harmony, Network Extensions, Traffic Manager: President Edition). “Some (but not all) of these mods have been removed from Steam Workshop and the author’s account has been suspended.”
“We recommend in the most prudent manner that you unsubscribe from all articles posted by this author and do not subscribe, download or install any mod from any source that may be posted by this individual in the future”.
A subreddit moderator explained to NME that “users install Harmony (redesigned) for whatever reason and to stop seeing errors in popular mods. The solution offered is to use their versions. These versions have traces and users, and people find them in the originals. Users install this with the automated code. And soon you have tens of thousands of users who have installed a Trojan on their computers”.
Although Valve has wiped Chaos's account (and all of its alt accounts) and the infected mods, players are afraid the modder could reuse an account that hasn’t been wiped.
“Chaos can post code that would simply post updated code to its GitHub,” a moderator advises. “There is no validation from Steam, GitHub or third parties. This is a direct link from Chaos to infected computers. If users run the game with administrative permissions, it may expose them to viruses, keyloggers or bitcoin mining software, literally anything”.