“Angry Planes” and “Simple Noclip” mods found to be infected.
Players have found malware hidden within two popular mods for Grand Theft Auto V. The mods in question, “Angry Planes” and “Simple Noclip,” contain a trojan virus designed to steal login credentials for a variety of services (including Steam, Facebook, and Twitch) as well as a keylogger.
Information on the malware was collected and analyzed by members of a Grand Theft Auto V modding community. The trojan, which appears as a file named “fade.exe,” hides itself within a running process on execution (either a C# or Visual Basic compiler) while implementing its other malicious code. Once installed, the malware collects and sends data to a remote server. The virus also includes modules for flooding targets with network traffic.
Users who installed either of the two mods are being urged to remove them, check their system for signs of infection, and change passwords to ensure account security.
It is unknown whether the malware was included as part of the original designs for these mods or if they were added later by third-parties. Not all users of the mods appear to be infected by fade.exe, though it’s possible that the virus may delete itself to avoid detection and not all virus scanners currently identify the threat.
Following its release on PC last month, modders have already created hundreds of scripts and add-ons to expand the Grand Theft Auto V experience. As with any rapidly growing collection of user-created content, the excitement over new mods is creating opportunities for less scrupulous modders to take advantage of eager, unsuspecting players. As mods are not supported by GTA V publisher Rockstar Games, users are on their own if infected by a mod containing malware.
Source: GTA Forums