Additional Details on Malware Suspicion in the “Traffic” Mod

More detailed insights on the suspected malware associated with the “Traffic” mod for Cities: Skylines II.

Over the recent weekend, we collaborated with various DFIR teams and professionals to examine the file thoroughly. Our initial concerns appear to be valid, as we suspect the file is designed to exploit exposed systems, specifically aiming at Crypto Wallets like the Exodus wallet. Although we cannot 100% ascertain its purpose at this moment, its potentially harmful nature warrants caution.

Since our first detection of the problematic .dll file, it is now recognized as malicious by 30 out of 72 security services. It’s advisable to keep your antivirus or antimalware software updated as a precautionary step. As a routine safety measure, every mod published on Paradox Mods undergoes a virus scan.

If you haven’t reviewed the initial alert, it’s available here along with an update on the security measures adopted since 24-11-01:

  • We have performed a comprehensive scan of all Paradox Mods platform files for traces of the malicious file, and no additional mods display this threat.
  • We have actively collaborated with the creator of the impacted “Traffic” Mod to ensure their account is secured against further alterations.

We’ll continue to provide updates as new information becomes available, and we appreciate your further cooperation.

————————————————————————————————————–

Original statement issued on 2024-10-31:

Critical advisory for Cities: Skylines II enthusiasts:

There is a potential security complication linked to the “Traffic” mod for Cities: Skylines II. Late Monday, an unauthorized update was made to the mod, introducing a .dll file suspected to be harmful. While it’s been removed and the version as of 2024-10-31 15:35 CET is cleared for use, earlier versions might have compromised files.

We are investigating the specifics of this .dll file and will provide updates. Meanwhile, consider taking these actions promptly to secure your system:

  • If the Traffic mod wasn’t played, subscribed to, or downloaded, your system is not at risk and no action is required.
  • If you possess the Traffic mod but haven’t played Cities: Skylines 2 between Monday and today, allow the mod to synchronize. The malicious file should be automatically expunged. Nevertheless, run an anti-malware scan with a program like Windows Defender.
  • If the game was played with the compromised version, inspect your local files. Malicious files will be located in: %AppData%\LocalLow\Colossal Order\Cities Skylines II\.cache\Mods\mods_subscribed\80095_13.
  • The compromised mod files are confined to the 80095_13 folder; if absent, your mod version is secure.
  • If the folder exists, employ antivirus or anti-malware software to quarantine and remove it, then thoroughly scan your drives.
  • As a safeguard, consider updating your passwords.
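
The local check from the steps above, as an added PowerShell example (not Paradox's own tooling). It is read-only and records file hashes before anything is quarantined. The `-ScanWithDefender` switch name is hypothetical, and the second root, `%USERPROFILE%\AppData\LocalLow`, is an assumption about where LocalLow usually sits, checked in addition to the path as the advisory writes it.

```powershell
# Added triage example, not Paradox's own tooling. Read-only: it deletes nothing.
param([switch]$ScanWithDefender)   # hypothetical switch name, chosen for this example

# Folder named in the advisory, relative to LocalLow.
$relative = 'Colossal Order\Cities Skylines II\.cache\Mods\mods_subscribed\80095_13'

# Candidate roots: the advisory's path as written, plus (assumption) the usual
# LocalLow location under the user profile, since %AppData% itself points at Roaming.
$roots = @(
    (Join-Path $env:APPDATA 'LocalLow'),
    (Join-Path $env:USERPROFILE 'AppData\LocalLow')
) | Select-Object -Unique

$found = foreach ($root in $roots) {
    $candidate = Join-Path $root $relative
    if (Test-Path -LiteralPath $candidate -PathType Container) { $candidate }
}

if (-not $found) {
    Write-Output 'Folder 80095_13 not found: per the advisory, this mod version is secure.'
    return
}

foreach ($folder in $found) {
    Write-Output "Found: $folder"
    # Record path, size, timestamp and SHA-256 of every file before quarantine,
    # so the details can be handed to an antivirus vendor or incident responder.
    Get-ChildItem -LiteralPath $folder -Recurse -File -Force | ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Bytes     = $_.Length
            LastWrite = $_.LastWriteTime
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List

    if ($ScanWithDefender -and (Get-Command Start-MpScan -ErrorAction SilentlyContinue)) {
        # Microsoft Defender custom scan of just this folder; a full drive scan should follow.
        Start-MpScan -ScanType CustomScan -ScanPath $folder
    }
}
```

The script leaves removal to the antivirus or anti-malware product, as the advisory recommends.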

We are implementing additional actions to ensure safe and secure mod usage:

  • A review of all Paradox Mods files is underway to check for unexpected updates.
  • We’ve liaised with the modder whose work was compromised to fortify their account security. They’ve updated “Traffic” to a safe version; anyone using version v.0.2.4 is assured a secure experience.
  • Paradox Mods will soon have updates that inform creators of any alterations made to their mods, alerting them to unauthorized changes.

Sharing creative content is a cornerstone of our Paradox community, and we’re dedicated to ensuring mod safety and security.

A crucial reminder: do not disclose your account credentials or passwords to anyone; we will never solicit your password or personal details directly.

————————————————————————————————————–

Update issued on 2024-11-01:

Our investigation into the malicious file associated with the “Traffic” mod is ongoing. All mods uploaded to Paradox Mods historically have been subjected to a virus scan as a standard precaution. We remain committed to reinforcing our defense mechanisms.

Following our initial alert, these measures have been enacted to protect our community:

  • A targeted, in-depth scan of other Paradox Mods platform files has shown no similar threats present in other mods.
  • We’ve continued to work closely with the creator of the compromised “Traffic” Mod to maintain their security and prevent further interferences.
  • A specialist IT team is engaged in analyzing the malware to comprehend current and potential threats.

Our previously suggested safety precautions remain vital for safeguarding your system. Cities: Skylines II is safe to play, posing no additional risk. Further updates will be communicated once our security experts finalize their comprehensive analysis.
