Malware found hidden in Cities: Skylines mod

Cities: Skylines is a video game that allows players to design and manage cities. The game is available for many different gaming platforms, including PC, Xbox, Nintendo Switch and PlayStation 4 (1). Cities: Skylines is one of three city-building games created by the Finnish video game developer Colossal Order (2). The game developers allow the community to create “mods” for other users to download. A game mod (short for modification) is an add-on that alters the game in some way.

Screenshot of the game from the Colossal Order website https://www.citiesskylines.com/en

On Monday, a “modder” (someone who creates game mods) was banned from the gaming platform Steam over accusations of hiding malware in their mods. The user goes by the name “Chaos” or “Holy Water” (3). Chaos is accused of hiding a software auto-updater in some of their game mods. The auto-updater would allow Chaos to deliver more malware to infected computers without the consent of the user (3, 4). The malicious mods are an example of a Trojan horse because the malicious software is hidden inside something that otherwise seems innocent.


The malicious mods are “Network Extensions 3” and “Update from Github” (4). These mods are not original pieces; they are updates to pre-existing game mods of which Chaos is not the original author (3).

Last year, Chaos published an update to the popular Cities: Skylines mod Harmony. The update was designed to be incompatible with other versions of the mod, so after its release players would have no choice but to use Chaos’s version of Harmony. Because most Cities: Skylines mods need Harmony to run, a large portion of players would need to download Chaos’s update (3).

Members of the Cities: Skylines Reddit page have expressed how frustrating it can be to have someone maliciously tamper with a game mod you developed (5). Reddit user MeatSafeMurderer says that this behaviour makes it difficult for small game developers to succeed: “Sadly I think this kind of bad behaviour is present in all modding communities… It’s why, as sad as it is for the little guy who just made an awesome mod I might never try, I tend to stick to larger, well known and trusted modders.”

Events like this one instill distrust in the community, perhaps rightfully so. They should remind users to be diligent with their computer security, but as MeatSafeMurderer pointed out, this distrust means that small developers will have a difficult time sharing their work.

If you are a Cities: Skylines user and are worried that you may be affected, check out this Reddit post with information on how to remove the mods from your computer.

A new Steam account has been created, claiming to be the user behind Chaos. This account claims that it is not the Chaos mods that have malware, but rather the Cities: Skylines code itself. The account name, “I found Colossal Order Keylogger”, succinctly describes the accusations. Outside of this Steam account, no concerns have surfaced about security in the game code.

Screenshot of the new Steam account, claiming that there is malware in the Cities: Skylines code. https://steamcommunity.com/id/brownMM

References:

  1. https://www.paradoxinteractive.com/games/cities-skylines/about
  2. https://www.colossalorder.fi/
  3. https://threatpost.com/cities-skylines-modder-banned-over-hidden-malware/178403/
  4. https://store.steampowered.com/news/app/255710/view/6047774523920146831
  5. https://old.reddit.com/r/CitiesSkylines/comments/sq5k4v/important_information_about_network_extensions_3/

Join the Conversation

43 Comments

  1. Great post! I never thought of individuals hiding malware in mods of all things, something meant to be used for fun. Creating such mistrust especially in gaming communities, which are usually quite tightly knit, is never a good thing 🙁

    1. I hope that my blog post can serve as a reminder to only download mods from trusted sources! It looks like the Cities: Skylines community stepped up to alert each other about the threat and to get Chaos removed from Steam, so in a way, the community was able to come together over this incident.

  2. Very interesting post here. It is difficult to process how there are so many risks with malware when it comes to video-games. The gaming community has grown in the past two decades and even though it is a good thing for everyone to come closer and closer, it only creates new possibilities of new threats unfortunately. I’m sure that there are other games with similar occurrences!

    1. Yeah, I agree that it is concerning! I guess if you are downloading mods from individual users rather than a legitimate organization you have to consider the threat of downloading malware. Hopefully this malware was found before too much damage could be done!

  3. It kinda sucks how this can affect the modding community in games, as mods allow for another avenue to enjoy a variation of the game. By having malware in mods it can make it harder to foster a community around a game like how CS GO and garrys mod were mods of half life. Also I really liked how you talked about downloading mods from trusted sources as a lot of people are getting malware from downloading games and mods from people on discord or some sketchy site.

    1. I agree that attacks like this probably destroy some of the sense of community that Cities: Skylines players had built. I wonder how the community will move forward from this. Maybe it will encourage the community to stay vigilant and to alert each other of potential malware in future mods!

  4. On the other hand of this article, I’m surprised many attackers haven’t targeted modding communities more often. Many users don’t blink twice to the concept of open-source nor would the average user be able to even verify the integrity of such widely available mods. For the more avid user, such malware that targets gamers is usually repacked inside game cracks, which requires users delving into DRM-Removed titles but this opens up my eyes to seeing the possibility of targeting legitimate game owners. Does this vulnerability mean that these mods aren’t verified even on the distributor’s addon market? For sure without a doubt as Kevin said, other communities must have also been targeted.

    Great read and really opened insight on the potential flaws of user based modding.

    1. I agree that users place a lot of trust in their modding communities, and many of them likely do not have the knowledge to verify the safety of their mods themselves.

  5. I think this topic speaks to a downside of regulation on the internet. Modding PC games is an extremely popular thing to do, and various communities exist for it to be done safely; sites like nexusmods, which hosts modifications for various games uploaded by users, have huge communities and offer strict regulation to ensure these situations don’t happen. However, these sites can also lead to a false sense of security, and because nothing is perfect it’s pretty much guaranteed some malware will slip through the cracks. Downloading mods is done without thinking very often, without considering that you’re essentially running a complete stranger’s software on your PC based purely off of trust. And because it often goes well, people become complacent about it. Generally, I wonder if the addition of new features is worth the risk, especially if one isn’t familiar enough with the code to vet the safety themselves.

    Good post!

    1. Hey Filip, thanks for your comment. I must confess I’m not all that familiar with modding. What kinds of measures do modding sites take to protect their users from malware attacks?

      1. I’m not incredibly knowledgeable on the topic either, but as far as I know there are a couple of components ranging from automatic reviews, account reputation, and on rare occasion or appeals probably manual review. It’s too much for anybody to reasonably review all of it manually, but there are systems in place that work relatively well (to my knowledge). As you pointed out though, they’re fallible though.

        1. Thanks for that! Those processes you mentioned sound relatively robust, and my guess is that they stop most malware attacks! I think that the Cities: Skylines community responded to this attack well by alerting other users quickly, and having Steam retaliate against Chaos. I’m not sure what else could have been done to prevent this attack.

  6. There are indeed multiple ways to inject malware. I share my concern with “little guy who just made an awesome mod” since they are also affected by mistrust caused by bad behaviors. Due to the features of Cities, mod is a potential area for hackers. I wonder how releasing and downloading mods be enhanced to prevent potential risk from happening.

    1. Interesting insight, Anh! Can you elaborate on your statement that the features of Cities, mods are a potential area for hackers? In your opinion, what about the game in particular makes it vulnerable to hacking?

  7. In this case, we can only hope that the platform can strengthen management and monitoring efforts. Mods downloaded from the community can be a source of hacking. Users follow the module’s instructions step by step, with little doubt about its security.

    1. Users place a lot of trust in the mods they are downloading! I agree with you in that I hope the platform can adjust their policies to protect users from further such attacks.

  8. Interesting Post! I never thought that malware could be in cities in games like young kids play games and they would not have any idea about the concerns of online world and they may unknowingly give some type of access to the game and this might cause the malware to spread in the computer and give access to the data present in the computer.

    1. That’s a really good point! Lots of kids enjoy playing video games, and might not know about the dangers of downloading code from another user.

  9. Nice post! It is interesting that a rather peaceful game would gather malicious people looking for exploits. I’ve looked into playing games with mods before but never committed to one and now I will have to be more careful with my selection. Modding games helps increase interest and entertainment in games and it is unfortunate that there are people that would take advantage of people’s love for a game. I know that for minecraft games there is some amount security as there are 2 main mod websites that have safe mods. Hopefully, game communities can find a way to better prevent these circumstances.

    1. It is sad that people would harm their gaming communities by delivering malware. That system of having websites with safe mods sounds like a good idea! Maybe more gaming communities should adopt this practice to verify the safety of mods.

  10. Great post! Can’t imagine viruses in mods, which are fun to use in a game, this is really interesting. Good job!

    1. I’m glad you liked it! Gaming is supposed to be fun, and it’s sad that some people wish to use this platform to exploit others.

  11. Very informative post! It is really sad to see that modders are putting trojans in their mods, since usually people who make mods are genuine fans of a game and only want to see others, and themselves enjoy it more with the use of mods. I feel like steam and game developers should be required to test mods before allowing them to go public on trusted platforms like steam, since it could solve problems like this before anyone downloads the game. As a cities skylines player myself, I’m glad I saw this post before downloading any mods for the game.

    1. Wow I’m glad that this post helped spread the word to Cities: Skylines players! I think that having someone test out Chaos’ mods would have been beneficial in this case. Apparently, some of the mods this user published earlier actually slowed down the game and caused bugs. This then forced users to download Chaos’ new “improved” mods, which contained the malware. If some people had tested the mods first, they probably would have found problems and prevented their publishing.

  12. As someone who has used mods before in some other games this is a very interesting and concerning post to read. As mentioned in the post it is quite unfortunate for smaller developers who might not get noticed now due to the distrust actions like this can cause. I also find it interesting at the end there that Chaos denies that any of the malware was in his work but in the Cities Skylines code itself.

    1. Chaos seems like they’re trying to save face, maybe they don’t want their Steam account to stay banned. If you are a mod user, make sure you trust the source!

  13. Wow, as somebody who often plays video games that have active modding communities, this blog post concerns me. Usually, I have put up a sort of trust with mods from the community and naively download them. It really goes to show how easy it is to implement malware within such communities and how easy it is to break the trust of the community.

  14. It’s always a shame to see stuff like this happening in the modding community, but a relief to know that a solution was found. I am always wary of downloading almost anything because of trojan viruses, but it’s always good to see staff and members of the community resolving problems like these.

    1. I think that the Cities: Skylines gaming community handled the problem well by informing each other about the issue, and by releasing information about how to remove the malware from your computer. Stay vigilant!

  15. Great post!! When downloading mods for games, many people don’t tend to think twice about it. Mods are meant to be fun additions to games, yet can also be a source of malware. It was great of you to speak about how malware mods tend to push people towards using mods from well-known and more trusted developers, and how as a result, this tends to make it difficult for smaller developers to get their content out there. It is unfortunate that smaller developers are affected by cases like these solely because of the actions of others.

    1. It is hard for small developers to break out into the modding world because there is distrust surrounding software from non-verified sources. Hopefully the Cities: Skylines community can develop some sort of system for screening mods for malware before they get released.

  16. Great Post! I condone the actions of the creator of this mod update, but I have to commend him/her on his/her creativity, using updates to a mod to hide and deliver a trojan horse malware program is a very clever and ingenious way to deliver a form of malware. The fact that a user has to download the update themselves, using a mod that they have previously put trust into, is a sneaky way to bypass the user’s sense of security. I’m glad that this mod update has been recognized so that no more unsuspecting users can download it and I hope that cases like this can help increase security measures regarding the modding of games, especially for the sake of the small teams of developers who create these mods.

  17. Very interesting post. I never realized there was easy software hidden in the game mods, which surprised me. I didn’t even think about malware, I just cared about the fun of the game mods. You really should be wary of all downloaded software. At the same time, the Steam community should take this more seriously.

  18. Great post! I had no idea that this type of malware mod existed. Mods are very popular in gaming. A lot of people will download mods to make their gaming experience more fun. It’s pretty scary to know that there are mods that have malware that can affect your PC.
