Gaming News

Cities: Skylines players warned to check for malware after malicious code is discovered in mods

Players who use mods to play Cities: Skylines have been warned to check their machines for malware after several popular mods have been found to include malicious code.

A hidden auto-updater has reportedly been bundled in all the mods “redesigned” by a modder aptly known as Chaos. As well as making it a core download for several other mods, it also crippled any mods not made by Chaos, forcing around 35,000 unwitting players into using more infected mods.

“Malicious code has been found in mods published by an author using the names Holy Water and Chaos,” a pinned post on the Cities: Skylines subreddit warns. “These mods have been “forks” (modified and reuploaded versions) of popular mods from well-known creators (e.g. Harmony, Network Extensions, Traffic Manager: President Edition). Several (but not all) of these mods have been removed from the Steam Workshop and the author’s account is currently suspended.

“We recommend in the strongest possible terms that you unsubscribe from all items published by this author and do not subscribe, download, or install any mods, from any source, that may be published by this individual in future.”

A moderator of the subreddit additionally told NME: “Users install Harmony (redesigned) for a particular reason, suddenly they get errors in popular mods. The solution provided is to use his versions. Those versions gain traction and users, and people come across them instead of the originals… and see Harmony (redesigned) marked as a dependency. Users install Harmony (redesigned) with the [automatic updating code] bundled with it. Suddenly you have tens of thousands of users who have effectively installed a trojan on their computer.”

Although Valve has now reportedly banned Chaos (and their known alt accounts) and removed the infected mods, players are still worried they can return as a loophole in Steam workshop rules means Chaos may be able to edit and update their mods from accounts other than those banned.

“Chaos can then remotely deploy any code he chooses to users simply by releasing updated code on his GitHub,” the anonymous moderator added. “There is no validation by Steam, GitHub, or any third party. It’s a direct link from Chaos’ brain to users’ computers. If users run the game as [an] administrator for any reason, this could expose them to keyloggers, viruses, bitcoin mining software – literally anything.”

Cities: Skylines’ new expansion, Airports, is out now.

As Matt summarised for us at the time, as its name suggests, Airports – which is Cities: Skylines’ tenth major expansion, following on from After Dark, Snowfall, Natural Disasters, Mass Transit, Green Cities, Parklife, Industries, Campus, and Sunset Harbour – gives budding urban planners the tools needed to create and manage their own air-focused transportation hubs.

That includes a steadily expanding selection of modular airport building options, cargo terminals, and connected public transport – and you’ll see a fair number of Airports’ new features in action in the newly released gameplay trailer below.

Related posts

Rainbow Six Siege’s Rengoku event lets you play as a samurai


PSA: Final Fantasy 7 Remake Intergrade is £70 full price on Steam but currently on offer


Redfall’s vampires take the spotlight in spooky new trailer