While it's no secret that some sneaky people like to take advantage of the unwary on the Internet (shocking, right?), game mods might not be the first thing you think of as a delivery method for malware. Specifically, some GTA V mods actually have a nice little payload that comes along for the ride.
A user at GTAForums uncovered malware hiding in a Noclip and Angry Planes mod for GTA V.
Two mods for GTA V that rose quickly in popularity over the following weeks may have had keyloggers installed alongside the mods themselves. Several users have reported very odd things happening with their Steam accounts, with one user detailing how CS:GO launched on its own, saying it was being run from "out of Steam", meaning someone was trying to access his account's game from somewhere else. This incident is supposedly connected to them previously installing the aforementioned mods.
Aboutsteven found a program called fade.exe residing on his computer and was able to correlate the date that it was installed with the date he installed the Noclip and Angry Planes mods. Another user, master131, was kind enough to analyze fade.exe to see just what it does. And it's indeed a keylogger.
He was able to determine that fade.exe uses some screen capture and keyboard logging API calls. It also communicates via TCP through a TcpClient call. Interestingly, it also references Steam a lot, possibly meaning that it either specifically captures Steam data, or that it's some sort of auto trader or buyer, as master131 has reasoned.
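The kind of static string triage that surfaces these capability hints can be sketched as follows. This is an added example, not master131's tooling or anything from the original post; apart from TcpClient and the Steam references, the indicator names are assumptions picked for illustration, and the sample bytes are constructed.

```python
import re

# Indicator names are assumptions for illustration: the article names only
# TcpClient and "Steam", not the exact calls found in fade.exe.
INDICATORS = {
    "keyboard_logging": ["GetAsyncKeyState", "SetWindowsHookEx", "GetKeyboardState"],
    "screen_capture": ["CopyFromScreen", "BitBlt"],
    "network": ["TcpClient"],
    "steam_reference": ["steam"],
}

def extract_strings(data, min_len=4):
    """Return printable ASCII and UTF-16LE strings found in a binary blob.

    .NET binaries keep type/method names as single-byte text and string
    literals as UTF-16LE, so both encodings have to be scanned.
    """
    ascii_hits = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_hits = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([s.decode("ascii") for s in ascii_hits]
            + [s.decode("utf-16-le") for s in wide_hits])

def triage(data):
    """Map each capability category to the indicator names seen in the strings."""
    strings = [s.lower() for s in extract_strings(data)]
    report = {}
    for category, names in INDICATORS.items():
        found = sorted(n for n in names if any(n.lower() in s for s in strings))
        if found:
            report[category] = found
    return report

# Constructed sample laid out like fragments of a binary's string tables;
# these bytes are NOT taken from fade.exe.
SAMPLE = (b"\x00\x01System.Net.Sockets\x00TcpClient\x00\x07"
          b"GetAsyncKeyState\x00\x02CopyFromScreen\x00\x01"
          + "C:\\Program Files\\Steam\\config".encode("utf-16-le")
          + b"\x00\x00\x90")
BENIGN = b"\x00\x02Hello, world\x00\x03MessageBoxW\x00"

if __name__ == "__main__":
    for category, names in triage(SAMPLE).items():
        print(f"{category}: {', '.join(names)}")
```

A hit in several categories at once is a reason to look closer, not proof of malice: plenty of legitimate programs open TCP connections or take screenshots.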
Community-made mods see a rise in content when a new version of a game is released, sparking a revolution of sorts. Within that, it seems that a few mod authors have had the audacity to try to take advantage of the popularity of GTA V. Fortunately, the community was able to put the kibosh on their attempts.
Mostly, however, GTA V mods are safe and there is really nothing to worry about. But we can't always just have nice things, now can we? Someone always has to try to ruin the fun for everyone else. Just make sure you have a good anti-virus package installed and be safe when browsing around. Sometimes waiting for the dust to settle on new things can reveal any inherent problems, or malware in this case. I always wait before downloading mods anyway.