Cities: Skylines players are being urged to check their mod subscriptions through Steam after reports that multiple popular add-ons may include malware. The creator of these mods was previously banned from Steam but returned under new usernames to upload their work.
The Reddit thread created by a sub moderator (via Eurogamer) documents malware found in Cities: Skylines add-ons and names ‘Chaos’ or ‘Holy Water’ as the creator of the malicious code. These mods aren’t the original sources of popular tools, but instead modified and reuploaded versions. According to the post, Valve has removed several of these while others remain available.
Mods like Harmony, Network Extensions, Traffic Manager: President Edition, and others have all been targeted by the malware reuploads. To protect other players, the subreddit moderator links to multiple, legitimate sources for the additional tools, and a one-click unsubscribe for malicious versions — the thread is worth a quick pass if you’ve ever installed mods for the game.
Speaking to NME, a moderator for the Cities: Skylines subreddit explained Chaos, also known as Holy Water, may have distributed malware to as many as 35,000 players, and that he modifies well-known add-ons in order to quickly gain traction through “forking” those mods.
“Users install Harmony (redesigned) for a particular reason, suddenly they get errors in popular mods. The solution provided is to use his versions. Those versions gain traction and users, and people come across them instead of the originals… and see Harmony (redesigned) marked as a dependency. Users install Harmony (redesigned) with the [automatic updating code] bundled with it. Suddenly you have tens of thousands of users who have effectively installed a trojan on their computer.”
The NME report notes Chaos’ malicious code targets specific individuals hampering a machine’s performance if Steam IDs matched certain Cities: Skylines developers, modders, or other community members.
At the time of publishing this article, it does appear that some mods listed under Chaos’ handle are still available. While Valve reportedly banned him before (after doxxing other members of the community), Chaos has continued supporting his mods through links to outside downloads from Steam discussions. In one such post, Chaos claims he’s the “victim of a hate campaign,” and that this approach allows him to avoid trolls and “Bypasses Colossal’s censorship.” Colossal Order is the developer behind Cities: Skylines.
As the remaining mods are removed from Steam, they should automatically be removed from any players’ PCs using them, but there are still concerns about threads where Chaos provides outside links to sites hosting his content. Steam does warn its users before navigating outside of the platform, but the community is urging Valve to act quickly and remove those threads.
Fanbyte has reached out to Valve for comment. We will update this post with any response.
