Cities Skylines modder named Chaos distributing malware

Started by Pete Dero, February 13, 2022, 04:04:33 PM

Pete Dero

If you used Cities: Skylines mods from a user known as Chaos or Holy Water, it's probably worth unsubscribing from them.

Chaos uploaded a redesigned version of Harmony (a patching library originally created for RimWorld that is now a framework relied on by the modding communities of several games), following that with redesigned versions of other mods like Network Extensions and Traffic Manager that required Harmony (Redesigned) also be installed. And that's apparently where the trouble began.

As a community moderator told the NME, one of the Chaos mods would set off fake error messages when it detected the original version of Harmony was running as a way of encouraging players to download Harmony (Redesigned). That mod, they went on to explain, contained an automatic updater that could, if players ran the game as an administrator, be used to remotely install "keyloggers, viruses, bitcoin mining software—literally anything."

https://www.bluesnews.com/s/245139/cities-skylines-modder-banned
https://www.nme.com/news/gaming-news/valve-bans-cities-skylines-modder-after-discovery-of-major-malware-risk-3159709

Destraex

"They only asked the Light Brigade to do it once"

jamus34

There is a post from the 14th from the dev on Steam about this so it seems they are aware of the issue:

Quote:

An important message from the Cities: Skylines team,

We have an amazing modding community and greatly appreciate the dedication and helpful nature that's been at the center of it for 7 years. Recently, there have been concerns in the community about reports of malware on the Steam workshop, which we want to address.

We recently banned a few mods from the Cities: Skylines Workshop and want to clear up some of the misinformation surrounding these mods. The mods in question, which have been banned, are "Network Extensions 3" and "Update from Github."

No keyloggers, viruses, bitcoin mining software, or similar has been found in mods on the Steam Workshop.

"Network Extensions 3", the mod alleged to contain malware, was banned due to discriminating against specific Steam users. First, it blocked a short list of Steam users from using the mod, but this was later changed to cause what appeared to be buggy gameplay. Blocking users or creating specific restrictions for them violates the Steam Subscriber Agreement and as such resulted in the mod being banned.

The mod "Update from Github" was removed shortly after appearing on the Workshop. This mod was designed to check for and install updates to mods directly from Github, making changes to existing Workshop subscriptions without the user's knowledge. This bypasses the Workshop entirely, and to avoid potential abuse (such as downloading malicious software) the mod has been removed.

"Harmony (Redesigned)" has been mentioned in this context; however, the mod has not been updated since March 15th, 2021. Further updates to this workshop item are not possible as the account is banned and contributors are unable to update workshop items.

In short:
No keyloggers, viruses, bitcoin mining software, or similar has been found in mods on the Steam Workshop.
The mod "Network Extensions 3" was banned due to a violation of the Steam Subscriber Agreement.
The mod "Update from Github" was removed as a potential risk, and only affected ~50 users.
The "Harmony (Redesigned)" mod available on the Steam Workshop has not been found to contain the code to automatically update mods outside the Workshop.


If you come across any concerning mods, reuploads of banned mods, or mods containing the same/similar code, please report them using the report button on their workshop page.

Insert witty comment here.