A rogue modder has released several mods for Cities: Skylines containing hidden malware. The hacker would purposefully sabotage popular legit mods and infect other modders and developers of Cities: Skylines.
The criminal hacker is hiding under various aliases, including Chaos, Holy Water and Drok. He initially published an apparently improved version of an existing mod framework Harmony. In reality, this version of Harmony would bug other popular mods. That’s what developer Aubergine18 discovered, a creator of one of the most downloaded mods for Cities: Skylines.
The mod framework could then be used again to install all possible code on victims’ systems via GitHub. According to an anonymous modder, it concerns tens to even hundreds of thousands of users. The source himself was previously a victim of doxing, for which the Chaos account of the hacker in question was banned by Valve.
The popular mod Traffic Manager: President Edition, among others, was portrayed by the culprit as the cause of bugs through fake errors and tweaks to the mod’s performance. Then the malicious hacker would again release ‘fixes’ to the problems, again with the aim of spreading malware.
In addition, the hacker would use multiple lists of Steam names for target selection for other malware. Dozens of popular modders, prominent community members and employees of developer Colossal Order are said to be on the list. Affected developers were thus prevented from inspecting the code of its rogue software. It would also affect the game’s performance for these specific users.
Meanwhile, Valve has removed some mods from Chaos, Holy Water or Drok. Also, many links on download pages of the rogue mods seem to have been removed. It is not clear whether more action will be taken against the criminal hacker.