GTA 5 mods Angry Planes and No Clip contain malware
Written by JT on May 18, 2015
From our friends at PC Gamer –
It’s come to light that the Grand Theft Auto V mod Angry Planes, as well as another one entitled No Clip, contain a keylogger called Fade.exe. The presence of the malware first came to light on GTAForums, and has been confirmed by GTA5-Mods.com.
“The Angry Planes mod was downloaded and run by thousands of people on GTA5-Mods.com and various other community mod hosting sites and forums. It was even featured in Kotaku and PC Gamer!” GTA5-Mods explained. “The mod did exactly what it advertised, however it also spawned a thread that installed malware on your machine behind the scenes. The threat was not picked up by running the .asi file through VirusTotal, which made it difficult to detect before running. This was an extremely sneaky attack, something I can’t say I’ve seen in 12 years of GTA modding.”
If you’ve installed the scripts, ditch them immediately, then check your system for the presence of a file called Fade.exe. According to the GTAforums thread, Malwarebytes can detect and isolate the offending software. You will also want to change your passwords, since the software may have picked them up; at least one forum user reported earlier today that his Steam account has been hijacked.
Links to the mod have been removed by GTA5-Mods.com, and it said it will tighten up its approval process for these kinds of mods in the future. “If you post compiled scripts in .asi, .dll, or .net.dll formats, the approval process will be much lengthier,” it wrote. “We recommend avoiding these formats completely and publishing your mods as .lua or .cs source files, these kinds of scripts will be approved very quickly because the source can be verified.” It also recommended that players worried about future difficulties avoid tools and script mods, which at the moment are the only types of mods that can actually contain malware.