Some mods of the popular computer game Grand Theft Auto V have been found to contain malware.
In the game’s online forums, users have identified malicious code in the ‘Angry Planes’ and ‘Noclip’ mods. The former spawns planes that attack players, and the latter allows players to walk through walls and other objects.
One GTAForums user aboutseven noticed that a C# compiler was running in the background during gameplay of these mods. After further investigation, the user traced the compiler back to “Fade.exe,” which requires Internet access, and determined the file to actually be a keylogger.
The malicious code hijacks a genuine part of PC gamers’ Windows OS, and it does not seem to activate until the game is opened.
“The mod did exactly what it advertised, however it also spawned a thread that installed malware on your machine behind the scenes,” explained GTA V mods hosting site GTA5-Mods. “The threat was not picked up by running the.asi file through VirusTotal, which made it difficult to detect before running. This was an extremely sneaky attack, something I can’t say I’ve seen in 12 years of GTA modding.”
‘Angry Planes’ and ‘Noclip’ are not the first GTA V mods found to contain malware, as a thread on Reddit reveals. Attackers have also used other gaming platforms to deliver malware in the past, including cracked APK Android files offered in Google Play Books.
It is possible that computers installed with anti-virus software blocked the malicious code before it had a chance to activate. Even so, anyone who has run either ‘Angry Planes’ or ‘Noclip’ should change their online passwords, especially if they use the same login credentials for multiple accounts.
In general, gamers should be careful when installing tool and script mods, which are more difficult to verify as compared to mods that publish their source code