this post was submitted on 10 Nov 2024
57 points (100.0% liked)

Gaming

30616 readers
108 users here now

From video gaming to card games and stuff in between, if it's gaming you can probably discuss it here!

Please Note: Gaming memes are permitted to be posted on Meme Mondays, but will otherwise be removed in an effort to allow other discussions to take place.

See also Gaming's sister community Tabletop Gaming.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

Invidious, an alternative YouTube client in the browser without using YouTube directly (more private): https://inv.nadeko.net/watch?v=VH_8arwuRz8

Video Description:


This is why I don't download game mods. Another backdoor has been found, this time in a popular modular for City Skylines 2 by paradox games. Checkout what happened in this video.

reddit.com/r/antivirus/comments/1gh4qp0/popular_mod_for_a_game_may_have_been_malicious_no

all 18 comments
sorted by: hot top controversial new old
[–] [email protected] 26 points 1 month ago (3 children)

Tldr: it's a crypto wallet stealer.

Always be wary of unknown code. Check comments on sites like Nexus. Run installers through virus checks.

[–] [email protected] 17 points 1 month ago (2 children)

If I understand it correctly from the reddit post, this was a popular mod, that you could get directly in-game, so probably available through the Steam Workshop or something. In that case you assume everything is fine and don't really check out, if there's something wrong.

[–] [email protected] 14 points 1 month ago (1 children)

It is a CS2 mod -- CS2 lacks Steam Workshop support. Paradox did not put it in, in favor of their own mod platform.

There was a lot of beef about the lack of workshop support, but it means it was on Paradox's platform, if anything.

[–] [email protected] 4 points 1 month ago (1 children)

Wonder if steam workshop scans for this kind of thing, or if it would have otherwise been found quicker.

[–] [email protected] 5 points 1 month ago (1 children)

This mod had some clever tricks to avoid detection from Antivir scanner. Not sure how deep and complex the Steam Workshop antivir scanner goes (if any). Hard to say if they would have found and prevented it. However, all antivir and other scanner software learned from this and now every malware using this technique could be detected instantly. At least in theory.

[–] [email protected] 3 points 1 month ago (1 children)

Steam has some basic scans, but nothing special. This kind of thing happened before, with mods and even games.

[–] [email protected] 1 points 1 month ago (1 children)

I would assume so. Did this happen in Steam Workshop?

[–] [email protected] 3 points 1 month ago (2 children)

Yes. Apparently there were enough mods like this, that someone made a list to unsubscribe from them:

https://steamcommunity.com/sharedfiles/filedetails/?id=2749608338

Also, this time it's the first Cities Skyline, I don't know of any other games, but it wouldn't surprise me.

[–] [email protected] 1 points 1 month ago

There were rumours about one for rimworld but I'm not sure if it was real or on steam.

[–] [email protected] 1 points 1 month ago

Heh, madlads :D Modern problems require modern solutions 👍

[–] [email protected] 7 points 1 month ago

Man if that's the case, that really sucks.

[–] [email protected] 5 points 1 month ago (1 children)
[–] [email protected] 2 points 1 month ago* (last edited 1 month ago) (1 children)

It was the traffic mod, and it's been patched for a while now. Edit: Wait. I'm out of date. It happened AGAIN?

[–] [email protected] 1 points 1 month ago

That post is from 10 days ago, so is probably the traffic mod?

[–] [email protected] 10 points 1 month ago (1 children)

What's the name of the mod?

[–] [email protected] 14 points 1 month ago (1 children)

Paradox posted this the other day: https://www.paradoxinteractive.com/games/cities-skylines-ii/news/traffic-breach-statement

I think it's just called "Traffic"? It's still early days for CS2 mods, not that weird for a mod to have such a generic name.

[–] [email protected] 6 points 1 month ago

Thanks for the info!