GTA 5 mod discovered to contain malware keylogger - Polidicks

The Angry Planes mod for GTA 5 has been found to contain malware [url]https://www.gta5-mods.com/[/url] Top of their news, I can't specifically link the actual article. [url]http://gtaforums.com/topic/794383-possibility-of-trojan-downloaderspyware-installed-via-gta-v-mod/[/url] Here's a more detailed look at it.

time to go change all my passwords and delete the asi, thanks moddb for including it in that mod pack

Ah shit. Well, I'm glad I barely downloaded any mods. The ones I have don't seem to be on that list. I hope they decide to monitor files people upload now more closely.

Searched Fade.exe in Temp, found nothing. Am I safe? Never installed this mod but I did install some others.

[QUOTE=itisjuly;47724348]Searched Fade.exe in Temp, found nothing. Am I safe? Never installed this mod but I did install some others.[/QUOTE] Only Angry Planes contained this malware.

[QUOTE=Binladen34;47724366]Only Angry Planes contained this malware.[/QUOTE] and some noclip mod as well

[QUOTE=Binladen34;47724366]Only Angry Planes contained this malware.[/QUOTE] That's good to know. So how do we avoid getting infected mods? I'm slightly paranoid. Demand full source?

Read the GTA forums post I linked in the op. oh avoid, I thought you said clean the infection. Avoiding getting infected would start with avoiding mods until mod sites clean up their shit.

Every mod needs to have the source code checked by the mod database before being approved. These mods are basically C++ DLLs with the file extension renamed, making them into viruses is INCREDIBLY easy.

[QUOTE=itisjuly;47724405]That's good to know. So how do we avoid getting infected mods? I'm slightly paranoid. Demand full source?[/QUOTE] The source has already been linked to: I can confirm cos I know a few people who downloaded this and have the malware. edit: can't read

There always seems to be a real lack of quality control when it comes to GTA mods, I'm not trying to say that all modding websites are like this, but many of them allow any old shit to be uploaded.

[QUOTE=ZeroTimesCookie;47724419]The source has already been linked to: I can confirm cos I know a few people who downloaded this and have the malware.[/QUOTE] Source code for the mods

[QUOTE=Ninja Gnome;47724325]time to go change all my passwords and delete the asi, thanks moddb for including it in that mod pack[/QUOTE] Why blame them if they were unaware themselves?

Wowwww I was honestly going to click download on that mod last night and I decided against it because I didn't feel like installing it. My laziness prevails yet again.

[QUOTE=Helix Snake;47724416]Every mod needs to have the source code checked by the mod database before being approved. These mods are basically C++ DLLs with the file extension renamed, making them into viruses is INCREDIBLY easy.[/QUOTE] What's to stop them sending clean source code and a dirty DLL? Maybe have someone trusted check and compile mods?

[QUOTE=itisjuly;47724348]Searched Fade.exe in Temp, found nothing. Am I safe? Never installed this mod but I did install some others.[/QUOTE] Search for "Logs". I found the folders with the keylogs, but Fade.exe was gone. Look for "Logs", and see inside if they are folders with dates. Goddamnit, that NoClip mod was pretty useful too. Fuck.

I wonder what other mods might have something like this. This is going to make the GTAV mod community paranoid as hell.

[QUOTE=ferrus;47724532]What's to stop them sending clean source code and a dirty DLL? Maybe have someone trusted check and compile mods?[/QUOTE] All they have to do is compile the source code and check if they get the same thing as the DLL. If they don't, it's bogus. Here on Facepunch there have been DLL released for Gmod mods, they work the same way. You post the source code and people can easily check.

[QUOTE=Helix Snake;47724566]All they have to do is compile the source code and check if they get the same thing as the DLL. If they don't, it's bogus. Here on Facepunch there have been DLL released for Gmod mods, they work the same way. You post the source code and people can easily check.[/QUOTE] Don't different compilers compile DLL's differently?

For some reason, my keylogs only go up to May 7th. Any idea why? Could the newer folders be sent then deleted, or did the keylogger uninstall at that date?

[QUOTE=Van-man;47724577]Don't different compilers compile DLL's differently?[/QUOTE] They do. Even changing compiler settings produces different dlls of same code.

What an ass. I'm not sure what to do about this. The mod I made is currently 2nd highest rated mod on GTA5-mods.com, it's a compiled .asi, and I really don't want someone ripping off my mod, making a poor clone (or worse, making a clone with malware) and then uploading it, which is why I wasn't planning on releasing the source code. What would actually make people more comfortable with downloading my mod? How can I prove that its legit and that I'm making mods with good intentions?

[QUOTE=Trumple;47724603]What an ass. I'm not sure what to do about this. The mod I made is currently 2nd highest rated mod on GTA5-mods.com, it's a compiled .asi, and I really don't want someone ripping off my mod, making a poor clone (or worse, making a clone with malware) and then uploading it, which is why I wasn't planning on releasing the source code. What would actually make people more comfortable with downloading my mod? How can I prove that its legit and that I'm making mods with good intentions?[/QUOTE] Essentially linking to this post would make you innocent enough. But you could update it to be in a different format than the "unsafe" ones (.lua would probably work well).

[QUOTE=Trumple;47724603]What an ass. I'm not sure what to do about this. The mod I made is currently 2nd highest rated mod on GTA5-mods.com, it's a compiled .asi, and I really don't want someone ripping off my mod, making a poor clone (or worse, making a clone with malware) and then uploading it, which is why I wasn't planning on releasing the source code. What would actually make people more comfortable with downloading my mod? How can I prove that its legit and that I'm making mods with good intentions?[/QUOTE] Without giving source you can't. That's how it is.

[QUOTE=ZeroTimesCookie;47724625]Essentially linking to this post would make you innocent enough. But you could update it to be in a different format than the "unsafe" ones (.lua would probably work well).[/QUOTE] But then someone would make a poor/malicious port of it in C++ and we'd be back at square 1 [QUOTE=itisjuly;47724626]Without giving source you can't. That's how it is.[/QUOTE] I still can't even if I disclose the source - as someone mentioned, I could include a malicious .asi and a clean source

[QUOTE=itisjuly;47724626]Without giving source you can't. That's how it is.[/QUOTE] Well that and releasing it with a software license that condones making money on his effort without him receiving a nice share, and not crediting him in one obvious way or another. But it really doesn't help much in such case as this, since those people doesn't give a single fuck.

As has been mentioned above, posting source doesn't help. It's no easier to find out whether a binary contains malware when you have source code that doesn't.

[QUOTE=Trumple;47724640] I still can't even if I disclose the source - as someone mentioned, I could include a malicious .asi and a clean source[/QUOTE]Still, saves the risk for people who'd rather compile from source. I think mod loader should take source and compile so that mods can be distributed as source only. Maybe the mod loader dev will implement this once he sees that viruses is an issue.

[QUOTE=Trumple;47724640]I still can't even if I disclose the source - as someone mentioned, I could include a malicious .asi and a clean source[/QUOTE] This hardly protects your mod from being reuploaded with malware either. Injecting malware into a binary isn't particularly difficult.

[QUOTE=DrTaxi;47724647]As has been mentioned above, posting source doesn't help. It's no easier to find out whether a binary contains malware when you have source code that doesn't.[/QUOTE]I can just compile source and be safe.