35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees.
The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares.
The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to deliver malware to anybody who downloaded them.
It started last year, when Chaos launched a “redesigned” version of Harmony: a core framework project that most Cities: Skylines mods rely on to work. The author went on to similarly rework other popular mods, and he listed his Harmony redo as a core download: in other words, players would be forced to download it to get dependent mods to work.
But an automatic updater was subsequently discovered, hidden away in Chaos's Harmony version – an updater that enabled the modder to deliver malware to the devices of those who downloaded it. The author also reportedly poisoned other mods with malicious code that bogged down gameplay, forcing players to download yet more tainted mods that Chaos had created.