Cities: Skylines players have been warned to check what mods they use after several of them were found to have contained malware.
After installation, the mods – which brand off a "redesigned" version of Harmony – are essentially trojans and have seemingly been written to intentionally slow down machines that attempt to use any other mods other than the affected ones.
"Malicious code has been found in mods published by an author using the names Holy Water and Chaos," warns a post pinned to the top of the Cities: Skylines subreddit. "These mods have been "forks" (modified and reuploaded versions) of popular mods from well-known creators (e.g. Harmony, Network Extensions, Traffic Manager: President Edition). Several (but not all) of these mods have been removed from the Steam Workshop and the author's account is currently suspended.
"We recommend in the strongest possible terms that you unsubscribe from all items published by this author and do not subscribe, download, or install any mods, from any source, that may be published by this individual in future."
"Users install Harmony (redesigned) for a particular reason, suddenly they get errors in popular mods," explains a subreddit moderator, who would only talk to NME under the condition of anonymity, as the mod author – known as Chaos – has previously doxxed them.
"The solution provided is to use his versions," they go on to explain. "Those versions gain traction and users, and people come across them instead of the originals… and see Harmony (redesigned) marked as a dependency. Users install Harmony (redesigned) with the [automatic updating code] bundled with it. Suddenly you have tens of thousands of users who have effectively installed a trojan on their computer.
“Chaos can then remotely deploy any code he chooses to users simply by releasing updated code on his GitHub," the anonymous moderator added. "There is no validation by Steam, GitHub, or any third party. It’s a direct link from Chaos’ brain to users’ computers. If users run the game as [an] administrator for any reason, this could expose them to keyloggers, viruses, bitcoin mining software – literally anything."
As the moderator explained, Valve has now banned the user concerned as well as the infected mods, but some players remain concerned that the Steam Workshop's security measures are such that they may easily return under a different name.
Quick PSA before you go: if you have been subscribed to Network Extensions 3, unsubscribing from this mod can apparently break your save game because it will remove roads from your city. The team has, however, provided a workaround - check out the subreddit for the full details.
Looking for something new to get stuck into? Here are the best PC games right now.