Store Page
The Sims™ 4
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

The Sims™ 4

Store Page
JANUS Feb 7, 2024 @ 1:59pm
8
3
#HeadsUp: 💀 TROJAN ALERT! [APR 2024] 💀 MALWARE ALERT! [JAN/FEB 2024] 💀 AVOID SimsFinds. Subscribe to stay updated.
💎 Learn more: Reddit | AHQ | Scarlet's Realm[scarletsrealm.com]
  • I know this is a long post. Please take your time to read through it slowly, and also check the the linked Reddit post.
  • To clarify, .PACKAGE downloadable (custom) content is still considered 100% safe.
  • To clarify, not every .TS4SCRIPT mod is malicious. The mods flagged below were compromised with malicious code to download malware.
  • The malware is bad. Do not minimize the severity or danger it poses to you or anyone else in our Sims community. Awareness and accurate information is key. I might be tardy, but I will update this with every new bit of relevant information I get.
  • Expect "regular" edits and updates to this post.
🛸 Here are MY hysterical instructions which have remained mostly untouched since I first typed them:
  1. 🚧 This will become a hyper-link to a list of things to do if you were infected or can't shake the feeling. Until then, have this link and this link.
  2. MANUALLY INSTALL YOUR MODS at least for the time being. NO MOD MANAGERS like the CurseForge app or the TSR app. I'm recommending this so you visually see what goes into your Mods folder. Mod managers simply unzip and dump files into your Mods folder.
  3. SCRUTINIZE ALL ARCHIVES for rogue .TS4SCRIPT files. "Archives" are the .ZIP, .RAR, etc., files that mods and custom content sometimes come in. If you see a .TS4SCRIPT file where there's not supposed to be one, report it (to us here as well) and delete it immediately. Eg. You download some kawaii rainbow nose blush and you get a .TS4SCRIPT file. What do you do? REPORT IT AND DELETE IT.
  4. Please use FIRST-PARTY download options where possible and especially for .TS4SCRIPT mods. Eg. LMS' official Tumblr has alternate Google Drive links for their mods. Creator Patreon posts, Tumblr posts and personal website posts with PATREON, GOOGLE DRIVE, ONEDDRIVE, ITCH.IO or SIMFILESHARE (SFS) links are all considered FIRST-PARTY.
  5. AVOID third-party websites that re-host mods. No, this isn't shade at SNOOTYSIMS. Websites like SNOOTY link back to content pages, they don't re-host.
  6. AVOID re-uploaded mods or allegedly updated mods from random peeeeple, especially those with new accounts, especially if you know the mod in question was made by somesimmer else.
🌹 Scarlet's Realm says the only 100% way to prevent this from happening is by not downloading anything at all until further notice. However, if you choose to risk it, you should at least:
  • Download and install the just released ModGuard: Mod Malware Protection by TwistedMexi (don’t worry, it’s trusted and safe). Make sure to read and follow the instructions carefully.
  • Only download mods from modders you trust.
  • Try to download only from the creator’s own website or patreon where they’re more likely to have Two-Factor Authentication enabled.
  • If the modder didn’t announce the update, but usually does on one of their platforms, avoid it until they do.
  • Avoid downloading from new modders that popped up out of nowhere.
  • Do NOT download Mod/CC folders (aka CC Dumps) from ANYONE. You should be following this guideline even without the malware risk. The reason for this is that you don’t know what mods are included in them and by the time you download it, the mods are likely outdated/broken. So, always download from the creators themselves so you know exactly what you’re putting into your game.
────⋆⋅🌟⋅⋆── ⋆ ˚。⋆🎚 ☠︎︎ 🎚⋆ ˚。⋆
This section is for condensed information.

🌟 Here are quick-links for the tools we now have:
🌟 These accounts were compromised but have since been secured as of Feb 10th, 2024:
  1. MSQSIMS on The Sims Resource
  2. PlayersWonderland on The Sims Resource
🌟 These are the compromised mods we know of. As of Feb 10th, 2024 they've all been removed from their respective websites. If you downloaded ANY of these mods from as early as Jan 1st to Feb 10th you need to delete them and do the necessary clean-up and take the necessary measures to secure your digital footprint and especially your banking info:
  1. Cult Mod v1 on LL (throwaway account)
  2. Cult Mod v2 on MTS by PimpMySims (impostor account)
  3. Social Events - Unlimited Time on CF by MySims4 (throwaway account) - This was stolen from MSQSIMS on TSR.
  4. Mood Cheat Menu on TSR by MSQSIMS
  5. Motherlode Menu on TSR by MSQSIMS
  6. Seasons Cheats Menu on TSR by MSQSIMS
  7. Weather and Forecast Cheat Menu on TSR by MSQSIMS
  8. Mouth Preset N16 on TSR by PlayersWonderland - A compromised .ts4script file was included alongside the custom content .package file.
────⋆⋅💀⋅⋆── ⋆ ˚。⋆🎚 ☠︎︎ 🎚⋆ ˚。⋆
This section is for condensed updates and also serves as a timeline of events.

💀 Apr 11th, 2024 - ♪ Guess who's back, back again? I've been MIA.
  • Apparently 3 days ago we were attacked on NexusMods with Trojans. I don't know much, I only just read it myself.
  • "Lumpinou's Toolbox - Script Library-Mod" from Patreon is being flagged by VirusTotal as having a Trojan. Per Lumpinou's own Updates post, the Toolbox hasn't been updated since March 13th, 2024, which tracks with the file available on CurseForge, HOWEVER, the CurseForge and Patreon files, while having the same version names DO NOT MATCH internally. Two PYTHON files were modified at later dates in the Patreon file.
  • I'll update when I know more.

💀 Feb 29th, 2024 - ModGuard updated to version 1.5.

💀 Feb 16th, 2024 - NEW MALWARE INFECTION REPORTED!
A simmer reports their PC went ballistic after downloading some custom content (no confirmation they even launched the game). SimsVirusCleaner detected and removed multiple files. SimsFinds is mentioned. I checked out the website. It's COVERED in JavaScript and the download links are obfuscated.

💀 Feb 16th, 2024 - WARNING: DO NOT download from the SimsFinds website!
That !@#$ ain't normal or safe.

💀 Feb 14th, 2024 - EVEN MOAR IS REVEALED!
Another one you've gotta go to Reddit for, sorry. It's another image.

💀 Feb 14th, 2024 - ModGuard has stopped 27 legitimate threats as of Feb 13th @ 1:55 PM.
Sorry this is late. It's on yet another Discord! Fun! I assume all 27 hits have been from the compromised mods we're aware of.

💀 Feb 12th, 2024 - ModGuard updated to version 1.4.

💀 Feb 12th, 2024 - ModGuard updated to version 1.3.

💀 Feb 10th, 2024 - NO NEW COMPROMISED MODS REPORTED for the past 37 hours.
  1. ModGuard updated to version 1.1.
  2. At LEAST one simmer has allegedly been infected.
💀 Feb 9th, 2024 - VirusTotal Scan Results shared:
  • Creation Time - 2023-08-16 14:16:30 UTC
  • First Submission - 2024-01-02 22:00:25 UTC
  • First Seen In The Wild - 2024-01-28 17:51:27 UTC
  • 21 relations identified and none of them are the mods we've discovered.
  • Stay vigilant.
💀 Feb 9th, 2024 - COMPROMISED mod found on LoversLab.

💀 Feb 9th, 2024 - More COMPROMISED mods detected.
One appears to be a regular .package CC with a compromised .ts4script tossed into the archive.

💀 Feb 8th, 2024 - TwistedMexi releases ModGuard.

💀 Feb 8th, 2024 - MOAR IS REVEALED!
This one you've gotta go to the Reddit for, sorry. It's an image with more details about what the malware steals.

💀 Feb 8th, 2024 - (Not) ALL IS REVEALED!
It's bad. Here are highlights from the Sims After Dark update:
  • We are unaware at this time if the malware has any function which would delete the file at a later time to cover its tracks.
  • If the exe file was downloaded and executed on your Windows device, it has likely stolen a vast amount of your data and saved passwords from your operating system, your internet browser (Chrome, Edge, Opera, Firefox, and more all affected), Discord, Steam, Telegram, and certain crypto wallets.
  • If you think you may have been affected by any of these mods, it is vitally important that you change your passwords for all your important accounts as soon as possible. If your credit card information was stored on your computer or in any of your accounts linked to your passwords, you may need to contact your bank or credit card company to inform them your card number is not secure.
  • Further investigations suggest that the malware tries to infect Discord and crypto wallet programs, and simply removing the malicious exe file may not be enough. If they are infected, running Discord or the crypto wallet will attempt to reapply the malware to your device. If you were affected by the compromised mods, you should also uninstall Discord and any crypto wallet programs and then, once you are sure the malware is gone, re-install them from a fresh download to clear out any remnants of the malware.
  • Due to this malware using an exe file, we believe that anyone using a Mac or Linux device is completely unaffected by this. 💀 This bit about Linux is potentially false!
  • With this update, we'd also like to remind everyone to enable Two-Factor Authentication (2FA) to add an extra layer of security even if your password is stolen.
💀 Feb 8th, 2024 - Answers HQ enters the chat:

To see if your system has been affected by the malicious code:
  • On your keyboard, press Windows Key + R together to open the Run Dialog Box.
  • In the window that opens, type this: %AppData%\Microsoft\Internet Explorer\UserData
  • In the folder that opens, look for files called Updater.exe and/or Main.exe.
If you had one of these files, assume that any sensitive data on your PC may be compromised and take the steps below:
  • Clear your system for this specific virus. (Linked tool at the top of this OP.)
  • Change your passwords.
  • Add two-factor authentication where available.
  • If you had saved credit card or similar information to a web browser, remove it and find out from your financial institution (or other relevant site) what action to take next.
💀 Feb 8th, 2024 - MSQSIMS on The Sims Resource is COMPROMISED.
Multiple MSQSIMS mods hosted on TSR are now confirmed COMPROMISED!

💀 Feb 7th, 2024 - CurseForge releases SimsVirusCleaner.

────⋆⋅ 🦄 ⋅⋆── ⋆ ˚。⋆🎚 ☠︎︎ 🎚⋆ ˚。⋆
This section contains the original OP.

PLEASE, for your own sake, download your script mods FROM OFFICIAL FIRST-PARTY SOURCES (aka the mod creator).
  • DO NOT download from third-party websites that re-host mods.
  • DO NOT download re-uploaded mods or allegedly updated mods from random people especially if you know this mod was made by someone else.
TS4SCRIPT FILES USE PYTHON which makes The Sims 4 community an easy target for malicious users. Please be cautious.

TWO mods have already been found with code that silently downloads and executes a file on the end-user's device.

Help make the community aware of this. We have enough in-game bugs and app bugs to deal with. We don't need malware or ransomware plaguing the TS4 community too.

────⋆⋅💎⋅⋆── ⋆ ˚。⋆୨ ♢ ୧⋆ ˚。⋆

I'll be back. Bye!
Last edited by JANUS; Apr 11, 2024 @ 12:28am
< >
Showing 1-15 of 98 comments
Xeriath Feb 7, 2024 @ 2:10pm 
Lol, this is funny that it happens on curseforge because this website was officially supported by Maxis and should be a way to download mods in a *save* way. Thanks for the information.
Last edited by Xeriath; Feb 7, 2024 @ 2:15pm
#1
James3157 Feb 7, 2024 @ 2:22pm 
Why does there always have to be bad people out trying to ruin the fun? Probably some people just simply cannot enjoy basegame on The Sims 4 without mods/cc, but that sucks. While it is still wrong and I personally would never do this, if someone feels the need to do something illegal then pirating in my personal opinion is better than infecting someone's computer with malware. Thank you for sharing this information, but there always seems to be a few bad apples that are able to get away with doing stuff that should be illegal. If infecting someone's computer with malware from something that is supposed to be a mod does not cross the line then I honestly do not know else does. If I had to take a guess I would say about 99% of the stuff on Curse Forge is supposed to be safe, but there might be a few exceptions to this unfortunately.
Last edited by James3157; Feb 7, 2024 @ 2:33pm
#2
Xautos Feb 7, 2024 @ 2:50pm 
Originally posted by Xeriath:
Lol, this is funny that it happens on curseforge because this website was officially supported by Maxis and should be a way to download mods in a *save* way. Thanks for the information.

no system is foolproof. someone somewhere will look to exploit it in some manner for their own gain.
#3
Xeriath Feb 7, 2024 @ 3:30pm 
Originally posted by Xautos:
no system is foolproof. someone somewhere will look to exploit it in some manner for their own gain.

Yeah, but curseforge is already know that these things happen to often there. It’s sad that this now happen too with Sims4 mods on curseforge. In the end a mod-user can’t trust new created accounts and their uploaded mods as long such things can happen. This destroy this: *We are a safe place to get your mods*.
Last edited by Xeriath; Feb 7, 2024 @ 3:38pm
#4
JANUS Feb 7, 2024 @ 11:19pm 
Originally posted by Xeriath:
Lol, this is funny that it happens on curseforge because this website was officially supported by Maxis and should be a way to download mods in a *save* way. Thanks for the information.
Indeed.


Originally posted by James3157:
Why does there always have to be bad people out trying to ruin the fun? Probably some people just simply cannot enjoy basegame on The Sims 4 without mods/cc, but that sucks. While it is still wrong and I personally would never do this, if someone feels the need to do something illegal then pirating in my personal opinion is better than infecting someone's computer with malware. Thank you for sharing this information, but there always seems to be a few bad apples that are able to get away with doing stuff that should be illegal. If infecting someone's computer with malware from something that is supposed to be a mod does not cross the line then I honestly do not know else does. If I had to take a guess I would say about 99% of the stuff on Curse Forge is supposed to be safe, but there might be a few exceptions to this unfortunately.
Indeed.


Originally posted by Xautos:
Originally posted by Xeriath:
Lol, this is funny that it happens on curseforge because this website was officially supported by Maxis and should be a way to download mods in a *save* way. Thanks for the information.

no system is foolproof. someone somewhere will look to exploit it in some manner for their own gain.
Indeed.


Originally posted by Xeriath:
Originally posted by Xautos:
no system is foolproof. someone somewhere will look to exploit it in some manner for their own gain.

Yeah, but curseforge is already know that these things happen to often there. It’s sad that this now happen too with Sims4 mods on curseforge. In the end a mod-user can’t trust new created accounts and their uploaded mods as long such things can happen. This destroy this: *We are a safe place to get your mods*.
Indubitably! xD
#5
JANUS Feb 7, 2024 @ 11:20pm 
💀 Feb 7th, 2024 - CurseForge releases SimsVirusCleaner.
Last edited by JANUS; Feb 14, 2024 @ 6:14pm
#6
CrackeR Feb 8, 2024 @ 5:03am 
I have used mods for over 5 years that altered the ts4.script and never had an incident or breach.
That being said, i have NEVER used a mod from curseforge! Just the name has always made me shy away from that site lol
But thank you OP for the heads up! :steamthumbsup:
#7
JANUS Feb 8, 2024 @ 6:50am 
Originally posted by CrackeR:
I have used mods for over 5 years that altered the ts4.script and never had an incident or breach.
That being said, i have NEVER used a mod from curseforge! Just the name has always made me shy away from that site lol
But thank you OP for the heads up! :steamthumbsup:
Cheers!

Both instances were uploaded under suspicious circumstances and contained the same code, so it's reasonable to believe that in this instance, it's likely the same individual or group. However, it could be a test run, like there was a test run of the malware that was spread through CurseForge to the Minecraft community mid last year when high-level or popular accounts were compromised with the intent of spreading malware. There have been many articles about this, but the one from BitDefender is most troubling.

It only matters that they infect some people before being caught. They don't need to infect everyone. A large percentage of The Sims community makes purchases, which means credit card and accounts data.

Just, y'know, some maybe not-so-basic internet-safety practices and all that jazz.
Last edited by JANUS; Feb 8, 2024 @ 6:59am
#8
James3157 Feb 8, 2024 @ 7:09am 
I actually have used Curse Forge before mainly for just cc (custom content) and MCCC (but updating to the most recent version earlier seems to usually require going to actual website) and like I said before possibly only about 1% of the stuff might have malware, but hopefully this does not necessarily mean that more people in the future are going to pirate The SIms 4 dlc. The reasons why are because there are various other places to get mods/cc besides Curse Forge and Curse Forge is not limited to only just The Sims 4. The reason why I mentioned pirating in relation to mods/cc is because maybe someone cannot really enjoy The Sims 4 without mods/cc but does trust them and afraid to use them which consequently might mean pirating. but while Curse Forge might seem like an obvious choice to get mods/cc it is not the only place to get them fortunately.
Last edited by James3157; Feb 8, 2024 @ 7:12am
#9
JANUS Feb 8, 2024 @ 7:31am 
Originally posted by James3157:
[...]because maybe someone cannot really enjoy The Sims 4 without mods/cc [...]
I pity the console pheasants who do not have access to the bugfixes and features our modding community is capable of. Pity and angry because EA is so woefully... malicious in their intent to bury us in premium broken and unfinished content.
Last edited by JANUS; Feb 8, 2024 @ 7:31am
#10
James3157 Feb 8, 2024 @ 8:01am 
Originally posted by JANUS:
I pity the console pheasants who do not have access to the bugfixes and features our modding community is capable of. Pity and angry because EA is so woefully... malicious in their intent to bury us in premium broken and unfinished content.

I personally would never play The Sims 4 on console for various different reasons including number 1 I do not want to spend a lot of money on both games, number 2 while I do have console it is only Playstation 2 meaning that it is old and I do not play it that much anymore even though it still works apparently, number 3 even if I had a newer console such as Ps3, Ps4, and/or Ps5, had Xbox 360, or had Nintendo Switch I would not play The Sims 4 on console, number 4 from my own personal experience playing on console can cause a lot of fatigue on the hands and fingers meaning that it may not be a good idea to play it all day and maybe just a few hours at most per day, and number 5 even if someone could enjoy playing The Sims 4 on vanilla instead of using mods/cc I still think that PC is better than console.
Last edited by James3157; Feb 8, 2024 @ 8:12am
#11
JANUS Feb 8, 2024 @ 11:50am 
💀 Feb 8th, 2024 - MSQSIMS on The Sims Resource is COMPROMISED!
Multiple MSQSIMS mods hosted on TSR are now confirmed COMPROMISED!
Last edited by JANUS; Feb 14, 2024 @ 6:14pm
#12
James3157 Feb 8, 2024 @ 11:54am 
Originally posted by JANUS:
Multiple MSQSIMS' mods hosted on TheSimsResource are now confirmed as containing MALWARE and we now have a RED ALERT on all of TSR. MSQSIMS' account is believed compromised.

I did not know that The SIms Resource had mods. I thought it only had cc. I will admit however that it has been a while since I last looked at that website.
#13
JANUS Feb 8, 2024 @ 12:14pm 
Originally posted by James3157:
I did not know that The SIms Resource had mods. I thought it only had cc. I will admit however that it has been a while since I last looked at that website.
I downloaded some tattoos and some makeup from there recently. I have a bunch pending to download... c'est la vie.
#14
JANUS Feb 8, 2024 @ 1:26pm 
💀 Feb 8th, 2024 - Answers HQ enters the chat.
Last edited by JANUS; Feb 14, 2024 @ 6:15pm
#15
< >
Showing 1-15 of 98 comments
Per page: 1530 50

The Sims™ 4 > General Discussions > Topic Details
Date Posted: Feb 7, 2024 @ 1:59pm
Posts: 98

Discussions Rules and Guidelines