Valve bans Cities: Skylines modder accused of hiding malicious code in mods

Some of the mods have since been removed from the Steam Workshop.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

If you usedCities: Skylines modsfrom a user known as Chaos or Holy Water, it’s probably worth unsubscribing from them, as apost on the Cities: Skylines subredditexplains.

Chaos uploaded a redesigned version of Harmony (a patching library originally created for RimWorld that is now a framework relied on by the modding communities of several games), following that with redesigned versions of other mods like Network Extensions and Traffic Manager that required Harmony (Redesigned) also be installed. And that’s apparently where the trouble began.

As a community moderator told theNME, one of the Chaos mods would set off fake error messages when it detected the original version of Harmony was running as a way of encouraging players to download Harmony (Redesigned). That mod, they went on to explain, contained an automatic updater that could, if players ran the game as an administrator, be used to remotely install “keyloggers, viruses,bitcoinmining software—literally anything.”

The mod also blocked access from Steam IDs belonging to other modders, well-known community members, and employees of developer Colossal Order, supposedly as a way of preventing its code from being examined. “What’s been implemented would let him cryptolock a bunch of machines, create a botnet (and DDoS his enemies?) or minecryptocurrency,” the NME’s source added.

Valve had previously banned Chaos from Steam for doxxing members of the Cities: Skyline community, but he returned under the name Holy Water. That account has now been banned as well, and several of the mods removed from the Steam Workshop—though not all of them. TheReddit postincludes an up-to-date list, as well as a guide to safely uninstalling and replacing the mods.

Chaos has since returned to Steam a third time, and is now claiming to be the victim of a hate campaign organized by a Colossal Order community manager he calls the “Queen of the Trolls”. He also says he found a keylogger built into Cities: Skylines that is “exfiltrating your data to Paradox Online Publishing Services”.

The biggest gaming news, reviews and hardware deals

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Jody’s first computer was a Commodore 64, so he remembers having to use a code wheel to play Pool of Radiance. A former music journalist who interviewed everyone from Giorgio Moroder to Trent Reznor, Jody also co-hosted Australia’s first radio show about videogames,Zed Games. He’s written forRock Paper Shotgun, The Big Issue,GamesRadar,Zam,Glixel,Five Out of Ten Magazine, andPlayboy.com, whose cheques with the bunny logo made for fun conversations at the bank. Jody’s first article for PC Gamer was about theaudio of Alien Isolation, published in 2015, and since then he’s written aboutwhy Silent Hill belongs on PC,why Recettear: An Item Shop’s Tale is the best fantasy shopkeeper tycoon game, andhow weird Lost Ark can get. Jody edited PC Gamer Indie from 2017 to 2018, and he eventually lived up to his promise to play every Warhammer videogame.

China: Mao’s Legacy is like an absurdly specific Paradox game on a tight budget, and also one of the best sims I’ve ever played

Planet Coaster 2 review

The first PUBG spinoff with real promise is a top-down take on Rainbow Six Siege