Malware Discovered In Popular Grand Theft Auto V Mods

Conrad Zimmerman

New member
Dec 24, 2013
588
0
0
Malware Discovered In Popular Grand Theft Auto V Mods

"Angry Planes" and "Simple Noclip" mods found to be infected.

Players have found malware hidden within two popular mods for Grand Theft Auto V. The mods in question, "Angry Planes" and "Simple Noclip," contain a trojan virus designed to steal login credentials for a variety of services (including Steam, Facebook, and Twitch) as well as a keylogger.

Information on the malware was collected and analyzed by members of a Grand Theft Auto V modding community. The trojan, which appears as a file named "fade.exe," hides itself within a running process on execution (either a C# or Visual Basic compiler) while implementing its other malicious code. Once installed, the malware collects and sends data to a remote server. The virus also includes modules for flooding targets with network traffic.

Users who installed either of the two mods are being urged to remove them, check their system for signs of infection, and change passwords to ensure account security.

It is unknown whether the malware was included as part of the original designs for these mods or if they were added later by third-parties. Not all users of the mods appear to be infected by fade.exe, though it's possible that the virus may delete itself to avoid detection and not all virus scanners currently identify the threat.

Following its release on PC last month, modders have already created hundreds of scripts and add-ons to expand the Grand Theft Auto V experience. As with any rapidly growing collection of user-created content, the excitement over new mods is creating opportunities for less scrupulous modders to take advantage of eager, unsuspecting players. As mods are not supported by GTA V publisher Rockstar Games, users are on their own if infected by a mod containing malware.

Source: GTA Forums [http://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/]

Permalink
 

MonsterCrit

New member
Feb 17, 2015
594
0
0
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
Actually this is a reason for paid mods.

If they'd sold this. the buyers would be owed one heck of a refund and the modder would be liable for prosecution by Steam and the game Publisher..

In the case where this was a third party job I.e someone snuck it into the mod. the Paid mod scheme would make that harder.. well unless you tried to pirate the paid mod in which case that's your punishment blackbeared.
 

Gatlank

New member
Aug 26, 2014
190
0
0
MonsterCrit said:
Actually this is a reason for paid mods.
No it isn't.
First, if you dont have even an anti virus on your pc then i wonder if you know what you're doing.
Second, mods have been around for years and only recently this became news (gee i wonder why).
Third, you have to expect that the customer support would actually do something on time (Valve customer support for example isn't exactly glowing with praise and with Zenimax/Bethesda unless it involves big money dont get your hopes up).
 

MonsterCrit

New member
Feb 17, 2015
594
0
0
MarsAtlas said:
MonsterCrit said:
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
Actually this is a reason for paid mods.

If they'd sold this. the buyers would be owed one heck of a refund and the modder would be liable for prosecution by Steam and the game Publisher..
Steam would lose money prosecuting most cases and in the meantime be held liable for the loss of personal information. On top of that, they'd probably lose paying customers and have their reputation take a massive hit.
Not really. See the case would not require much in the way of litigation. Paper trails are fairly self evident things. Did the software this person create contaimn malware.. yes? Case closed. Fine issued and or jail time served. It's the sort of thing that only needs to happen once or twice before people get the message,. Try this.. and you will go to jail, thwere the probability of being raped or shanked increases exponentially.

The prospect of being stabbed in the lung, or stabbed in the butt as a consequence for one's action is usually a pretty good deterrant.
 

fix-the-spade

New member
Feb 25, 2008
8,639
0
0
MonsterCrit said:
Actually this is a reason for paid mods.
If they'd sold this. the buyers would be owed one heck of a refund and the modder would be liable for prosecution by Steam and the game Publisher.
In the case where this was a third party job I.e someone snuck it into the mod. the Paid mod scheme would make that harder.. well unless you tried to pirate the paid mod in which case that's your punishment blackbeared.
That's debatable at best.

Valve basically absolved themselves of all responsibility for the Skyrim paid mods, their only sop to customer service being a 24 hour refund grace period. Given their behaviour around the Skyrim mod store it's not unreasonable to expect that their attitude to something like this would be to take the mod down and nothing else, they'd keep any money older than 24hours and they'd swear blind that they are in no way responsible for the content of mods uploaded to their stores.

Whether a paid mod system would make it harder to get malware up would depend entirely on the upload and approval system. The approval list for the Skyrim was already full of collections and clones even if none of them got approved due to the store's abrupt death, I doubt a paid mod store for anything else on steam would fare much better.
 

fix-the-spade

New member
Feb 25, 2008
8,639
0
0
MonsterCrit said:
Not really. See the case would not require much in the way of litigation. Paper trails are fairly self evident things. Did the software this person create contaimn malware.. yes? Case closed. Fine issued and or jail time served. It's the sort of thing that only needs to happen once or twice before people get the message,. Try this.. and you will go to jail, thwere the probability of being raped or shanked increases exponentially.
That's about as likely as the creators of non-gaming malware going to jail, I'm sure the FBI is deploying it's specialist teams to Russia and China as we speak.
 

mad825

New member
Mar 28, 2010
3,379
0
0
Hmm, is this confirmed or pure speculation? From experience of using GTA IV there are mods that require use of .dll files which show as false positives on AVs. This is a problem caused by not having a proper SDK and relying more on "hacks" or injectors to mod.
MonsterCrit said:
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
Actually this is a reason for paid mods.
Just no, no. Don't grasp for straws.
 

MonsterCrit

New member
Feb 17, 2015
594
0
0
fix-the-spade said:
MonsterCrit said:
Not really. See the case would not require much in the way of litigation. Paper trails are fairly self evident things. Did the software this person create contaimn malware.. yes? Case closed. Fine issued and or jail time served. It's the sort of thing that only needs to happen once or twice before people get the message,. Try this.. and you will go to jail, thwere the probability of being raped or shanked increases exponentially.
That's about as likely as the creators of non-gaming malware going to jail, I'm sure the FBI is deploying it's specialist teams to Russia and China as we speak.
Actually Russia and CHina already have their own teams, most countries do and most of them are a bit more competant than the FBI. The reason it's typically hard to catch malware creators is because it's hard to trace them. of course when you put up a paid mod or item on steam. Steam is gonna collect ome infor . After all.. the money has to go to a bankaccount somehere and you need ID to open a bank account. Even a paypal account has some id attached that can be gained.
 

Conrad Zimmerman

New member
Dec 24, 2013
588
0
0
mad825 said:
Hmm, is this confirmed or pure speculation? From experience of using GTA IV there are mods that require use of .dll files which show as false positives on AVs. This is a problem caused by not having a proper SDK and relying more on "hacks" or injectors to mod.
Your point is brought up several times in the source thread, and there was some concern expressed about people leaping to conclusions about other mods which are producing false positives, but that doesn't seem to be the case here. A couple of technical breakdowns of the malware's activity have been documented in the source thread, specifically http://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page-30#entry1067472143 and http://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/page-7#entry1067465309
 

CaitSeith

Formely Gone Gonzo
Legacy
Jun 30, 2014
5,374
381
88
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
If Steam went with payed mods and didn't care to analyze them, then it really would had been stupid.
 

Veylon

New member
Aug 15, 2008
1,626
0
0
CaitSeith said:
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
If Steam went with payed mods and didn't care to analyze them, then it really would had been stupid.
Eh, they'd just slap a EULA page that you'd have to "Agree" to before buying which would basically say that you take full responsibility for whatever bad stuff happens or the mod not working as advertised and that they can keep the money no matter what.
 

CaitSeith

Formely Gone Gonzo
Legacy
Jun 30, 2014
5,374
381
88
Veylon said:
CaitSeith said:
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
If Steam went with payed mods and didn't care to analyze them, then it really would had been stupid.
Eh, they'd just slap a EULA page that you'd have to "Agree" to before buying which would basically say that you take full responsibility for whatever bad stuff happens or the mod not working as advertised and that they can keep the money no matter what.
Yeah, because doing what EA did with Origin would make their costumers really happy...
 

Olas

Hello!
Dec 24, 2011
3,226
0
0
mad825 said:
Hmm, is this confirmed or pure speculation? From experience of using GTA IV there are mods that require use of .dll files which show as false positives on AVs. This is a problem caused by not having a proper SDK and relying more on "hacks" or injectors to mod.
MonsterCrit said:
MarsAtlas said:
Hey Steam, need another reason why paid mods are bad? Imagine if you sold people a popular Skyrim mod that contained malware in it and their Steam account was stolen.

Anywho, its a shame when this type of thing happens because the modding community is usually pretty honest.
Actually this is a reason for paid mods.
Just no, no. Don't grasp for straws.
I don't think he is, and if you're going to accuse him of it, at least provide an argument. I hate these sort of short dismissive comments.

Knowing that mods have the easy potential for viruses, the install at your own risk mentality that comes with mods being free and unregulated makes them seem more dangerous. If I knew I was buying a mod from a legit retailer who policed for this sort of thing and whom I could hold accountable for malicious software, I would feel much more comfortable.

So ya, I think he has a legit point. And if you don't agree you have to at least explain why.