Popular mods for Cities: Skylines were supplied with malicious code by their creator, who used an automatic updater to infect users with a Trojan horse and affect performance.
In 2021, modder under the nickname Chaos launched a “reworked” version of the mod called Harmony – the vital framework that most mods in the world rely on Cities: Skylines. Chaos also “remade” several popular mods for the game and included his modified version Harmony in the list of main downloads – this means that players had to download it for all dependent mods to work. After downloading his “reworked” version of the framework, the user received error messages and an offer to download an updated version from the creator’s site.
Later it turned out that in this version Harmony an automatic update module was hidden, which allowed Chaos deliver malware to the devices of all users who have downloaded this modification. Other malicious code was used to reduce the performance of mods from other authors, which in turn forced players to download more mods from Chaos as they were advertised as a solution to these problems. This was discovered when modders, having received reports of poor performance from fans, found malicious code.
A separate malicious code also checked the user’s SteamID against a list that included the accounts of major modders, community members, and even company employees. Colossal Ordergame developer.
valve removed all author modifications and banned the last account that went by the name holy water. Original account Chaos was previously banned for doxing other community members. However, by this point there were about 35,000 mod downloads. Chaos – and it is likely that the real number is even higher.