Store Page
Cities: Skylines II
All Discussions Screenshots Artwork Broadcasts Videos News Guides Reviews

Cities: Skylines II

Store Page
View Stats:
Global Achievements
Noob Oct 31, 2024 @ 11:45am
CS2 VIRUS .DLL Traffic Mod ⚠️
Be warned, As per Cities Skylines Discord & Steam News:

https://steamcommunity.com/games/949230/announcements/detail/4490744894194712654?snr=2___

"@everyone

Important update for all Cities: Skylines II Players:

There is a potential security issue that has affected the “Traffic” mod for Cities: Skylines II. Late Monday evening, an outside actor pushed an update to the mod, which includes a .dll file which we believe is malicious. We have already removed it and the current version as of <t:1730385300:F> is safe to download and use, but if your mod synced and you played the game using the mod between Monday and then, there is a possibility that you may have the malicious file.

We are working to determine the nature of this .dll, and we will update you as soon as possible. In the meantime, please take the following steps as soon as possible to secure your system:
- If you have not played with the Traffic mod and have not subscribed nor downloaded it, there should be no risk to your system and nothing you need to do.
- If you have the Traffic mod and have not played Cities: Skylines 2 between Monday and today, let the mod sync as normal, and the malicious file should be deleted automatically. Please still scan your system with an anti-malware program like Windows Defender.
- If you have played using the affected version, please check your local files. If you have any malicious files installed, you will find them here; %AppData%\LocalLow\Colossal Order\Cities Skylines II\.cache\Mods\mods_subscribed\80095_13.
- Note that it is **only specifically the 80095_13 folder** that will contain malicious files; if you do not see this folder, you do not have the compromised version of the mod.
- If you do locate this folder, use an antivirus or antimalware program to quarantine it and/or remove it from your system, and run a thorough scan of your drives.
- As a precaution, we recommend changing your passwords.

We are working on the following steps to ensure you can enjoy our mods safely and securely:

- We will be going through all files uploaded to Paradox Mods and see if any other mods have had unexpected updates.
- We have contacted the modder whose mod was compromised and discussed our recommended steps to secure their account. They have updated Traffic to a safe version, so anyone playing with version v.0.2.4 is playing with a safe version.
- Paradox Mods will receive an update that notifies modders when their mods have been updated so that creators are quickly alerted to changes they have not personally made.

**Sharing creative game content is at the heart of our community at Paradox, and we will continue to ensure you can explore mods safely.**

As an important reminder, do not share your account information or passwords with anyone; we will never directly ask for your password or personal information."
Last edited by Noob; Oct 31, 2024 @ 11:47am
< >
Showing 1-15 of 76 comments
Carson Oct 31, 2024 @ 12:20pm 
Do you know the sheer scale of users who have compromised systems as a result of this? This is a staggering issue. What the hell.
#1
LMB_123_space Oct 31, 2024 @ 12:25pm 
I have the folder, but with _14 instead of _13. Is that similar??
I hope to receive an answer soon.
Perhaps this is related to the constant crashes? not just freezing game, but a full reboot all of a sudden. Never had that happen before.
Last edited by LMB_123_space; Oct 31, 2024 @ 12:27pm
#2
LMB_123_space Oct 31, 2024 @ 12:29pm 
Originally posted by Carson:
Do you know the sheer scale of users who have compromised systems as a result of this? This is a staggering issue. What the hell.
I'm wondering if there is some kind of scan before files and updates are made public or after. If it's the latter, no more mods for me. Mods should be seen as malicious unless proven otherwise imo.
#3
Caprea Oct 31, 2024 @ 12:41pm 
Originally posted by LMB_123_space:
I have the folder, but with _14 instead of _13. Is that similar??
I hope to receive an answer soon.
Perhaps this is related to the constant crashes? not just freezing game, but a full reboot all of a sudden. Never had that happen before.
_14 is the newest version, that one is ok
if you had _12 you would be good.
_13 is the bad one
_14 could mean you have had the bad one, so if you played with that, might be a problem

(As far as I understood the whole thing)
#4
LMB_123_space Oct 31, 2024 @ 12:44pm 
Originally posted by Caprea:
Originally posted by LMB_123_space:
I have the folder, but with _14 instead of _13. Is that similar??
I hope to receive an answer soon.
Perhaps this is related to the constant crashes? not just freezing game, but a full reboot all of a sudden. Never had that happen before.
_14 is the newest version, that one is ok
if you had _12 you would be good.
_13 is the bad one
_14 could mean you have had the bad one, so if you played with that, might be a problem

(As far as I understood the whole thing)
Thank you, I don't know if I have had _13, so I took the precaution to just delete all CS and CO files manually and then ran the 'scrapper' of my antivirus on top of it.
Have to reinstall everything and lost my saves. But rather have that then whatever problems can come from havign infected files on my system. Full scan of everything up next.
#5
Cosmic Sea Oct 31, 2024 @ 1:01pm 
Originally posted by LMB_123_space:
Originally posted by Carson:
Do you know the sheer scale of users who have compromised systems as a result of this? This is a staggering issue. What the hell.
I'm wondering if there is some kind of scan before files and updates are made public or after. If it's the latter, no more mods for me. Mods should be seen as malicious unless proven otherwise imo.

Mods are and have always been "download at your own risk". This is a security issue/deficiency with the security of the paradox mods platform as a whole. Maybe a call for added two-factor-authentication when publishing new mod versions or another much harder to implement and maintain solution would be if paradox mods gets some sort of automated vulnerability scanning into the upload process.

I doubt either solution happens, not anytime soon. Guess I'm just fortunate I haven't played the game in a while.
#6
lukas Oct 31, 2024 @ 1:10pm 
yeah...this is why normal company that know how to do it job is not using mods as basic skeleton on which his game will work...because of security issues. <sigh> their skill and expertise is on so incredible level....way below incompetent and not fit for work...
#7
Nox Oculis Oct 31, 2024 @ 1:22pm 
Thx for advise
I started a city on Monday and I had crashes with the traffic mod,
now i know the cause !
everything is back to normal now.
Last edited by Nox Oculis; Oct 31, 2024 @ 1:24pm
#8
G Oct 31, 2024 @ 2:07pm 
I have had code in game rewritten in the game by a users mod -

now I cannot play the game -

the rewritten code in the actual game files was confirmed by the DEV's -

then they stopped helping me fix the problem -

just completely stopped talking to me - They are disgusting - really disrespectful and deceitful.

The code somehow will not go away after clean reinstalling over 8 times - as per their instructions.

So they have a much bigger issue at play here.
#9
Noob Oct 31, 2024 @ 2:40pm 
Originally posted by G:
I have had code in game rewritten in the game by a users mod -

now I cannot play the game -

the rewritten code in the actual game files was confirmed by the DEV's -

then they stopped helping me fix the problem -

just completely stopped talking to me - They are disgusting - really disrespectful and deceitful.

The code somehow will not go away after clean reinstalling over 8 times - as per their instructions.

So they have a much bigger issue at play here.

Damn!
#10
kenh Oct 31, 2024 @ 3:09pm 
I have had no bad behaviour and I did find the offending folder which I just deleted. Everything seems OK and Traffic works fine.
#11
Blacknight's Revenge Oct 31, 2024 @ 3:16pm 
thank you for the timely update. Keep up the great work
#12
Systemicyco Oct 31, 2024 @ 3:35pm 
It may be worth Paradox issuing a data breach notice in the UK and EU to the relevant authorities. If it breaches the EULA it likely breached the law.
#13
BoraBora Oct 31, 2024 @ 3:38pm 
Originally posted by Cosmic Sea:
Maybe a call for added two-factor-authentication when publishing new mod versions or another much harder to implement and maintain solution would be if paradox mods gets some sort of automated vulnerability scanning into the upload process.

I doubt either solution happens, not anytime soon.
Unfortunately, you're right on both counts. 2FA would be a first step for a more secure platform. The Steam workshop enforces 2FA for mod uploads. But PDX will go for the old-fashioned method:

Paradox Mods will receive an update that notifies modders when their mods have been updated so that creators are quickly alerted to changes they have not personally made.

This is pathetic.
#14
nomad Oct 31, 2024 @ 3:39pm 
I had the folder, scanned it but defender didn't identify any malicious files. Not sure if that's because defender isn't comprehensive enough or whatnot. Deleted the mod a few days ago because it was literally a useless mod, manually deleted the folder. My game is still randomly crashing though and not really sure where to go from here.
#15
< >
Showing 1-15 of 76 comments
Per page: 1530 50

Cities: Skylines II > General Discussions > Topic Details
Date Posted: Oct 31, 2024 @ 11:45am
Posts: 76

Discussions Rules and Guidelines