Schedule 1 has been blowing up on social media and Twitch lately, with literally everyone and their friends getting in on the craze. And aside from fleeing the cops and dealing with feinding customers, players have something new to worry about. And now, Schedule 1 malware is something gamers across the globe have to be worried about. As is usual with something that gets very popular overnight, things go badly quickly.
With Schedule 1 still in Early Access, players have been taking updating and adding quality-of-life features to the game with mods, and things have already gone wrong. It would seem that Nexus Mods has a major problem with its security protocols. Maybe implement an upload or update restriction on accounts that have clearly changed hands?
As reported by The Gamer, a new PSA on the Schedule 1 subreddit has alerted players to malware discovered in some popular mods In this case, it would appear the mod author sold their Nexus Mods account to a malicious individual, who then updated the mod with an infected version of the mod.
The mods discovered so far are “Backpack Mod Reupload” and “Increased Stack Size Limit,” and should both be removed ASAP. You should also definitely run multiple anti-malware scans against your machine and change your various passwords if you’ve run the mods.
This isn’t the first time a major game has been the subject of malware controversy either. Everyone from modders to cheaters have had to deal with this, so make sure to check ANY files you download, even from trusted sources. You never know who has control over the accounts uploading mods.
[URGENT PSA] Malware Found in 2 Popular Schedule 1 Mods – Uninstall Immediatelybyu/HBizzle24 inSchedule_I
There was a rather infamous case of someone doing this exact attack with a Sims community modder account. Various mods were uploaded by hacked accounts that then infected hundreds of machines belonging to Sims fans. The event prompted other developers in the scene to develop an anti-malware mod that would check running files for malicious behavior.
In the gaming space, malware masquerading as mods is very common. There are also a few examples of developers injecting malicious code into DLC, such as a flight sim game pushing malware as “DRM”.
Various major companies have also been subject to a “supply chain” attack where a malicious actor injects code into an underlying piece of software that gets used in tons of games and mods. One attack hit ASUS and their live update tool, infecting tens of thousands of machines.
