Malware in game mods and unlicensed software

Anton P. | April 12, 2022

Video game modding integrates fresh ideas, characters, or quests into games we have grown to love. Sometimes, it can reinvent traditional gameplay in all respects, extending the shelf-life of popular titles.

However, modding communities do not necessarily get the approval or security verification from studios. It is usually an independent attempt to give games new life. And sadly, not all authors create trusted mods. It is possible to compromise players’ devices with a mod if it turns out to deliver malware-ridden software.

game mods

What are game mods?

Mods add new twists to the traditional gameplay. While they solidify the success of many franchises, they can contain data-stealing viruses or devastating malware.

The typical period for games to be in high demand is between 12 and 18 months. After that, the attention fizzles down, leaving only the most loyal fans tuning in to play regularly. Of course, some hit titles manage to stay relevant for years, like Minecraft.

Besides DLC bundles, the Minecraft modding community is incredibly active. So, while vanilla Minecraft might struggle to sustain itself, modpacks like SevTech Ages support its journey. Still, Elder Scrolls V: Skyrim is the king of mods, with over 60k contributions made.

While mods can keep you entertained for hours even after mastering the original game, they are not always safe to download. Such software can transform into the perfect bait for getting users to infect their devices unknowingly.

And such unfortunate scenarios are nothing new. Experts have been reporting them for years, like GTA V mods containing remote access trojans (RATs) and keyloggers. The latter captured Steam and Facebook account credentials.

Is it legal to create and use mods?

The legality behind game modding is problematic. Studios can allow fan-generated content, while others treat it as an infringement of the legal rights of the copyright owner. It is also possible that modders will need explicit approval from the game developers before they can make a mod.

Generally, mods are legal if they do not infringe a product’s copyrights. However, game developers can decide whether someone’s contribution is objectionable enough to account for violations.

Of course, mods that do not enforce the use of a legal game copy can be in hot water. Additionally, the issue of profiting from game mods is also tense. While modders can receive donations, they cannot get straight-up payments.

Lastly, some mods could set off anti-cheating system alarms. Therefore, using specific game alterations can be a bannable offense. For instance, an Elden Ring mod allowing players to lift the FPS cap could be a reason for bans.

Malware disguised as game mods

Mods can overhaul the standard mechanics, build new worlds, and offer unique storylines. In addition to these welcome alterations, mods could contain something unexpected and damaging.

There are reported instances of mods rigged with malware.

Dangerous in Cities: Skylines mods

A modder going by Chaos or Holy Water reportedly added an automatic updater into their work. The updater allowed the developer to install malware on devices. Additionally, some mods significantly hindered gameplay.

As a solution, the author introduced additional software, forcing players to install more dangerous programs. The malware-ridden mods affected approximately more than 35k players.

Mods, cheats, and cheat engines bring cryptors, concealing RATs

Researchers from Cisco Talos had detected a significant increase in malware using gaming-related content as bait. The tainted software delivered different malware strains. However, the most popular were remote access trojans. Hackers distributed such information-stealing viruses through YouTube how-to videos and fraudulent websites.

Exclusive content hides malware

In 2020, researchers detected a scam targeting Valorant players. The rigged software masqueraded as a product licensing key, giving access to the beta version of Valorant. Instead, it contained a keylogger, capturing everything that users type.

How to know if you can trust a game mod?

Modding communities dedicate their time and resources to pioneer new ideas and deliver them to enthusiasts. There are genuine people working on custom game components. Thus, here are some tips for navigating the modding landscape safely.

  • Bogus software distribution sites. Respected modding communities like Nexus Mods have a broad selection of software. However, you should never venture into little-known websites offering unlicensed software or mods. Many YouTube how-to videos promote such malicious downloads.
  • Scan software with trusted antivirus programs. User-generated content is never fully reliable, even if you download mods from well-known sources. Therefore, protect your devices with antivirus software and run scans to see whether there are many issues.
  • Do not trust shady platforms. This recommendation applies during your entire online journey. Websites with a dozen download buttons and pop-ups might immediately trigger warnings. However, other fraudulent sites can be more subtle.
  • Do not mix modding and piracy. Modding elevates gaming experiences, and successful products can attract more game buyers. Therefore, mods should encourage the use of official software. If a mod offers a paid game included for free, it is not a legitimate download.
  • Protect online gaming. All players should recognize the potential dangers when playing online. So, take the necessary precautions, like two-factor authentication for your gaming accounts. Also, read the community guidelines and EULA documents for more clarity. For instance, mobile games can take advantage of the information you generate, like silently keeping tabs on your location. Also, install a VPN to encrypt traffic, which fights off unnecessary tracking and protects each data exchange online. Online gamers can also use it as a way to reduce ping if their Internet Service Providers throttle connections.
Ultra-fast VPN servers around the world

Ultra-fast VPN servers around the world

Choose from 750+ high-speed VPN servers and enjoy fast and stable connections anywhere.
Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.



© 2023 Atlas VPN. All rights reserved.