Cities: Skylines players warned to check for malware after malicious code is discovered in mods

UPDATE: Paradox issues update.

UPDATE 15/2/22: Cities Skylines developer Paradox has issued a statement on the weekend's warnings surrounding several mods.

The blog, posted via Steam, details the issues it has found with the dodgy mods in question, and thanks fans for being alert to potential issues. In short, the situation is perhaps not as dire as was feared.

"We recently banned a few mods from the Cities: Skylines Workshop and want to clear up some of the misinformation surrounding these mods," Paradox wrote. "The mods in question, which have been banned, are 'Network Extensions 3' and 'Update from Github'.

"No keyloggers, viruses, bitcoin mining software, or similar has been found in mods on the Steam Workshop.

"'Network Extensions 3', the mod alleged to contain malware, was banned due to discriminating against specific Steam users. First, it blocked a short list of Steam users from using the mod, but this was later changed to cause what appeared to be buggy gameplay. Blocking users or creating specific restrictions for them violates the Steam Subscriber Agreement and such resulted in the mod being banned.

"The mod 'Update from Github' was removed shortly after appearing on the Workshop. This mod was designed to check for and install updates to mods directly from Github, making changes to existing Workshop subscriptions without the user's knowledge. This bypasses the Workshop entirely, and to avoid potential abuse (such as downloading malicious software) the mod has been removed.

"'Harmony (Redesigned)' has been mentioned in this context, however, the mod has not been updated since March 15th, 2021. Further updates to this workshop item are not possible as the account is banned and contributors are unable to update workshop items."


Players who use mods to play Cities: Skylines have been warned to check their machines for malware after several popular mods were found to include malicious code.

A hidden auto-updater has reportedly been bundled in all the mods "redesigned" by a modder aptly known as Chaos. As well as being made a core download for several other mods, it also crippled any mods not made by Chaos, forcing around 35,000 unwitting players into using more infected mods.

"Malicious code has been found in mods published by an author using the names Holy Water and Chaos," a pinned post on the Cities: Skylines subreddit warns. "These mods have been 'forks' (modified and reuploaded versions) of popular mods from well-known creators (e.g. Harmony, Network Extensions, Traffic Manager: President Edition). Several (but not all) of these mods have been removed from the Steam Workshop and the author's account is currently suspended.

"We recommend in the strongest possible terms that you unsubscribe from all items published by this author and do not subscribe, download, or install any mods, from any source, that may be published by this individual in future."

A moderator of the subreddit additionally told NME: "Users install Harmony (redesigned) for a particular reason, suddenly they get errors in popular mods. The solution provided is to use his versions. Those versions gain traction and users, and people come across them instead of the originals... and see Harmony (redesigned) marked as a dependency. Users install Harmony (redesigned) with the [automatic updating code] bundled with it. Suddenly you have tens of thousands of users who have effectively installed a trojan on their computer."

Although Valve has now reportedly banned Chaos (and their known alt accounts) and removed the infected mods, players are still worried they can return, as a loophole in Steam Workshop rules means Chaos may be able to edit and update their mods from accounts other than those banned.

"Chaos can then remotely deploy any code he chooses to users simply by releasing updated code on his GitHub," the anonymous moderator added. "There is no validation by Steam, GitHub, or any third party. It's a direct link from Chaos' brain to users' computers. If users run the game as [an] administrator for any reason, this could expose them to keyloggers, viruses, bitcoin mining software - literally anything."

Cities: Skylines' new expansion, Airports, is out now.

As Matt summarised for us at the time, as its name suggests, Airports - which is Cities: Skylines' tenth major expansion, following on from After Dark, Snowfall, Natural Disasters, Mass Transit, Green Cities, Parklife, Industries, Campus, and Sunset Harbour - gives budding urban planners the tools needed to create and manage their own air-focused transportation hubs.

That includes a steadily expanding selection of modular airport building options, cargo terminals, and connected public transport - and you'll see a fair number of Airports' new features in action in the newly released gameplay trailer below.
