Gaming @beehaw.org thingsiplay @beehaw.org 1 wk. ago

malicious backdoor found in widely used game mod by Low Level [YouTube]

Invidious, an alternative YouTube client in the browser without using YouTube directly (more private): https://inv.nadeko.net/watch?v=VH_8arwuRz8

Video Description:

This is why I don't download game mods. Another backdoor has been found, this time in a popular modular for City Skylines 2 by paradox games. Checkout what happened in this video.

reddit.com/r/antivirus/comments/1gh4qp0/popular_mod_for_a_game_may_have_been_malicious_no

17 comments

Tldr: it's a crypto wallet stealer.

Always be wary of unknown code. Check comments on sites like Nexus. Run installers through virus checks.
- If I understand it correctly from the reddit post, this was a popular mod, that you could get directly in-game, so probably available through the Steam Workshop or something. In that case you assume everything is fine and don't really check out, if there's something wrong.
  
  It is a CS2 mod -- CS2 lacks Steam Workshop support. Paradox did not put it in, in favor of their own mod platform.
  
  There was a lot of beef about the lack of workshop support, but it means it was on Paradox's platform, if anything.
  
  Man if that's the case, that really sucks.
- At least name the mod.
  
  It was the traffic mod, and it's been patched for a while now. Edit: Wait. I'm out of date. It happened AGAIN?
- I thought Nexus runs files through virus today?
What's the name of the mod?
- Paradox posted this the other day: https://www.paradoxinteractive.com/games/cities-skylines-ii/news/traffic-breach-statement
  
  I think it's just called "Traffic"? It's still early days for CS2 mods, not that weird for a mod to have such a generic name.
  
  Thanks for the info!

You've viewed 17 comments.