Valve bans Cities: Skylines modder accused of hiding malicious code in mods

By Jody Macgregor
published

Some of the mods have since been removed from the Steam Workshop.

Cities: Skylines
(Image credit: Paradox)

If you used Cities: Skylines mods from a user known as Chaos or Holy Water, it's probably worth unsubscribing from them, as a post on the Cities: Skylines subreddit (opens in new tab) explains. 

Chaos uploaded a redesigned version of Harmony (a patching library originally created for RimWorld that is now a framework relied on by the modding communities of several games), following that with redesigned versions of other mods like Network Extensions and Traffic Manager that required Harmony (Redesigned) also be installed. And that's apparently where the trouble began.

As a community moderator told the NME (opens in new tab), one of the Chaos mods would set off fake error messages when it detected the original version of Harmony was running as a way of encouraging players to download Harmony (Redesigned). That mod, they went on to explain, contained an automatic updater that could, if players ran the game as an administrator, be used to remotely install "keyloggers, viruses, bitcoin mining software—literally anything."

The mod also blocked access from Steam IDs belonging to other modders, well-known community members, and employees of developer Colossal Order, supposedly as a way of preventing its code from being examined. "What's been implemented would let him cryptolock a bunch of machines, create a botnet (and DDoS his enemies?) or mine cryptocurrency," the NME's source added.

Valve had previously banned Chaos from Steam for doxxing members of the Cities: Skyline community, but he returned under the name Holy Water. That account has now been banned as well, and several of the mods removed from the Steam Workshop—though not all of them. The Reddit post (opens in new tab) includes an up-to-date list, as well as a guide to safely uninstalling and replacing the mods.

Chaos has since returned to Steam a third time, and is now claiming to be the victim of a hate campaign organized by a Colossal Order community manager he calls the "Queen of the Trolls". He also says he found a keylogger built into Cities: Skylines that is "exfiltrating your data to Paradox Online Publishing Services".

Jody Macgregor
Jody Macgregor
Weekend/AU Editor

Jody's first computer was a Commodore 64, so he remembers having to use a code wheel to play Pool of Radiance. A former music journalist who interviewed everyone from Giorgio Moroder to Trent Reznor, Jody also co-hosted Australia's first radio show about videogames, Zed Games (opens in new tab). He's written for Rock Paper Shotgun (opens in new tab), The Big Issue, GamesRadar (opens in new tab), Zam (opens in new tab), Glixel (opens in new tab), Five Out of Ten Magazine (opens in new tab), and Playboy.com (opens in new tab), whose cheques with the bunny logo made for fun conversations at the bank. Jody's first article for PC Gamer was about the audio of Alien Isolation, published in 2015, and since then he's written about why Silent Hill belongs on PC, why Recettear: An Item Shop's Tale is the best fantasy shopkeeper tycoon game, and how weird Lost Ark can get. Jody edited PC Gamer Indie from 2017 to 2018, and he eventually lived up to his promise to play every Warhammer videogame.

See comments