Potential malware-ridden, Bitcoin mining Cities: Skylines mods removed by Steam
Cities: Skylines is a strategy game with a vibrant modding community. However, gamers were in shock as news started coming out that some of the mods contained malware that opened the doors to all kinds of unwanted stuff like keyloggers, viruses, and even Bitcoin miners.
Late last week, NME reported that popular Cities: Skylines mods were infected with a trojan horse that was targeted at specific modders and employees of game developer Colossal Order. It all started in 2021 when a modder by the name Chaos launched a modified Harmony mod with an automatic updater. Chaos then used the updater to deliver malware to any device that downloaded it, crippling the performance of mods by other developers.
Chaos advertised other mods as solutions to reverse the adverse effects of the original mod and thus, spread the malware even more. This practice came to light when legit modders inspected the new Harmony code after receiving complaints of performance regression from users of their mods. Talking to NME, a moderator of the Cities: Skyline subreddit said,
[Chaos] forked another popular mod, and set their version of Harmony as a dependency. They then added fake error messages into this mod which would fire if you used the original Harmony, enticing users to their version. Then they implemented an access control list that would block certain Steam IDs from using their mods or interrogating any of their code.
...Users install Harmony (redesigned) with the [automatic updating code] bundled with it. Suddenly you have tens of thousands of users who have effectively installed a trojan on their computer.
Chaos can then remotely deploy any code he chooses to users simply by releasing updated code on his GitHub. There is no validation by Steam, GitHub, or any third party. It’s a direct link from Chaos’ brain to users’ computers. If users run the game as [an] administrator for any reason, this could expose them to keyloggers, viruses, bitcoin mining software – literally anything"
Since then, Valve has banned mods that use Chaos's automatic updater and also banned the modder's latest account, which goes by the name "Holy Water". However, gamers are still concerned that Chaos will eventually return with another name. Other mods that have been banned include "Network Extensions 3" and "Update from GitHub".
It may be noted that Chaos originally intended to affect only a list of people he didn't like, but it's an illegitimate move nevertheless since it casts aspersions on the game's modding community.
Over at the Cities: Skylines subreddit (linked below), the mods have posted a PSA informing gamers on Chao's ban and details on legit mods by the community, so you might want to check that out if you are a fan of the game.