Project Zomboid developer The Indie Stone has delisted 14 mods and banned their author after reports from multiple users alleged that they contained "malicious code."
"We immediately investigated the mod in question, which contained heavily obfuscated code, and confirmed it was creating malicious files outside of the Project Zomboid directory," the team explained in a Steam blog post. "These mods had been installed on between 50 and 2,200 devices.
The CDDA challenge is a really, really bad time.
"At this time, the full scope and behavior of the malicious files have not been fully determined," the statement continued. "However, because these mods were capable of creating files outside the game directory, we strongly recommend that anyone who downloaded them take appropriate security measures to ensure their system is safe. Simply uninstalling the mods is not sufficient."
The mods in question were add-ons for True Moozic, though unaffiliated with True Moozic or its author.
As reported by FRVR, the malicious code only ran if Project Zomboid was being played on the Build 42 update branch, and the team has since "Updated the outdatedunstable branch to match the unstable branch to avoid leaving a known vulnerability accessibility."
To prevent this from...
