We may earn a commission from links on this page

Mods Accused Of Bitcoin Mining And Downloading Viruses Removed From Steam

The Cities: Skylines mod contained code that would allow the creator to install malware

Screenshot: Cities: Skylines

Over the last few days, a series of mods for the PC strategy game Cities: Skylines have been removed from Steam after users began fearing that they contained all kinds of nasty stuff, from keyloggers to viruses to bitcoin mining software.

The alarm was sounded by this NME story and subsequent Reddit post, pointing out that the uploader of the mods had been banned, and that there was a serious risk to users’ computers. As the NME story explains:

In 2021, a modder going by the name of Chaos launched a “redesigned” version of a mod called Harmony, a vital framework project that most mods in Cities: Skylines rely upon to function.

Chaos also then “redesigned” several popular mods for the game, and listed his modified version of Harmony as a core download – meaning that players would have to go and download it for any dependent mods to work.

However, it’s been discovered that an automatic updater was buried in this version of Harmony, which would allow Chaos to deliver malware to the devices of anyone that downloaded it. Other malicious code was used to cripple the performance of other mods, which in turn caused players to download more of Chaos’ mods as they were advertised as solutions to these issues. This was discovered when some of the affected modders, after receiving reports of slow performance from fans, found the malicious code.


While this was a scary prospect for any users who had downloaded the individual mods, an investigation by Cities: Skylines developers Colossal Order found that the mods themselves didn’t contain anything as serious as first feared. They were still being deleted from Steam, though. One because, as claimed, it could leave the door open for the downloading of “malicious software”:

The mod “Update from Github” was removed shortly after appearing on the Workshop. This mod was designed to check for and install updates to mods directly from Github, making changes to existing Workshop subscriptions without the user’s knowledge. This bypasses the Workshop entirely, and to avoid potential abuse (such as downloading malicious software) the mod has been removed.


And another for...pettier reasons (emphasis mine):

We recently banned a few mods from the Cities: Skylines Workshop and want to clear up some of the misinformation surrounding these mods. The mods in question, which have been banned, are “Network Extensions 3” and “Update from Github.”

No keyloggers, viruses, bitcoin mining software, or similar has been found in mods on the Steam Workshop.

“Network Extensions 3”, the mod alleged to contain malware, was banned due to discriminating against specific Steam users. First, it blocked a short list of Steam users from using the mod, but this was later changed to cause what appeared to be buggy gameplay. Blocking users or creating specific restrictions for them violates the Steam Subscriber Agreement and as such resulted in the mod being banned.

Just to make this clear: the mod’s creator made a list of people they didn’t like, put that list in the mod, then made the mod run like shit, but just for those people.