Invidious, an alternative YouTube client in the browser without using YouTube directly (more private): https://inv.nadeko.net/watch?v=VH_8arwuRz8
Video Description:
This is why I don’t download game mods. Another backdoor has been found, this time in a popular modular for City Skylines 2 by paradox games. Checkout what happened in this video.
reddit.com/r/antivirus/comments/1gh4qp0/popular_mod_for_a_game_may_have_been_malicious_no
Tldr: it’s a crypto wallet stealer.
Always be wary of unknown code. Check comments on sites like Nexus. Run installers through virus checks.
If I understand it correctly from the reddit post, this was a popular mod, that you could get directly in-game, so probably available through the Steam Workshop or something. In that case you assume everything is fine and don’t really check out, if there’s something wrong.
It is a CS2 mod – CS2 lacks Steam Workshop support. Paradox did not put it in, in favor of their own mod platform.
There was a lot of beef about the lack of workshop support, but it means it was on Paradox’s platform, if anything.
Wonder if steam workshop scans for this kind of thing, or if it would have otherwise been found quicker.
This mod had some clever tricks to avoid detection from Antivir scanner. Not sure how deep and complex the Steam Workshop antivir scanner goes (if any). Hard to say if they would have found and prevented it. However, all antivir and other scanner software learned from this and now every malware using this technique could be detected instantly. At least in theory.
Steam has some basic scans, but nothing special. This kind of thing happened before, with mods and even games.
I would assume so. Did this happen in Steam Workshop?
Yes. Apparently there were enough mods like this, that someone made a list to unsubscribe from them:
https://steamcommunity.com/sharedfiles/filedetails/?id=2749608338
Also, this time it’s the first Cities Skyline, I don’t know of any other games, but it wouldn’t surprise me.
Man if that’s the case, that really sucks.
At least name the mod.
It was the traffic mod, and it’s been patched for a while now. Edit: Wait. I’m out of date. It happened AGAIN?
That post is from 10 days ago, so is probably the traffic mod?
deleted by creator
What’s the name of the mod?
Paradox posted this the other day: https://www.paradoxinteractive.com/games/cities-skylines-ii/news/traffic-breach-statement
I think it’s just called “Traffic”? It’s still early days for CS2 mods, not that weird for a mod to have such a generic name.
Thanks for the info!
