Anyone who likes mods for Cities Skylines downloads should currently be very careful and check their PC for malware.
It turns out that several popular mods contain malicious code. However, this is not the original version of these mods, rather they were re-equipped with a hidden auto-updater and released by a modder named Chaos.
to act with caution
“Malicious code was found in mods published by an author by the names Holy Water and Chaos,” reads a pinned post in the Subreddit to the game.
“These mods are ‘forks’ (modified and re-uploaded versions) of popular mods from well-known developers (e.g. Harmony, Network Extensions, Traffic Manager: President Edition). Several (but not all) of these mods were made from removed from the Steam Workshop and the author’s account is currently suspended.”
“We strongly encourage you to unsubscribe from any downloads published by this author and not to subscribe to, download or install any mods from any source that may be published by this person in the future.”
Makes other mods unusable
The modus operandi is that a mod with malicious code essentially breaks other mods. Users would then have to download new versions of these mods that were also infected, causing the malicious code to spread further.
“Users install Harmony (redesigned) for a specific reason, suddenly they get errors in popular mods”, explained a moderator of the subreddit. “The solution offered is to use his versions. These versions gain traction and users and people come across them instead of the originals… and see that Harmony (redesigned) is specified as a prerequisite. Users install Harmony (redesigned) with the [automatischen Update-Code], which is connected to it. And on one there are tens of thousands of users who effectively have a Trojan installed on their computer.”
Valve has banned the user and their alternate accounts and deleted infected mods, but some are concerned that Chaos may be able to modify and update its mods using other accounts.
“Chaos can then remotely deploy any code to users by simply publishing updated code to their GitHub. There is no validation by Steam, GitHub or any third party. It’s a direct connection from Chaos’ brain to the Users’ computers. If users run the game as administrator for any reason, they might be exposed to keyloggers, viruses, bitcoin mining software – literally anything.”
So if you’re actively involved in mods in Cities Skylines, it’s better to check your computer.