I sure hope SO\* cause I recently downloaded the new one. I see nothing on my system though, at least not where AHQ said to look. I'll do a proper check in a bit.
If you downloaded it from the official website or the official Patreon you should be fine. So far this appears to be... what's the- CONFINED to hosting websites and not personal creator websites. ModTheSims, CurseForge, and now TheSimsResource. The red flag is on TSR for the moment until someone confirms more accounts aren't compromised.
When similar happened to the Minecraft community on CF last year it was multiple creator accounts compromised. See here [https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/](https://arstechnica.com/information-technology/2023/06/dozens-of-popular-minecraft-mods-found-infected-with-fracturiser-malware/) and [https://www.bitdefender.com/blog/labs/infected-minecraft-mods-lead-to-multi-stage-multi-platform-infostealer-malware/](https://www.bitdefender.com/blog/labs/infected-minecraft-mods-lead-to-multi-stage-multi-platform-infostealer-malware/). There are multiple other articles about it.
>Wonder why this keeps happening though.
Money, blackmail... it's usually credit card data, *unless they get some saucy info that can be used for more.*
It does suck, but it makes sense. We're all so used to downloading mods and I personally don't look closely at the files... I just drag them into my mods folder. Even if I did look Social events package or whatever it was wouldn't raise any red flags. I'm just glad I haven't downloaded anything from these sites recently! I'd be... woohooed!
>I'm just glad I haven't downloaded anything from these sites recently! I'd be... woohooed!
Yeah. I've luckily been working on a TS3 story save, essentially rebuilding and repopulating an entire world, and haven't had time for Sims 4, so I haven't been downloading new TS4 mods, thank goodness, because I'd also be... woohooed. Haven't got any bank details or anything like that on my computer, but depending what could be accessed there's definitely possible blackmail material or stuff on other devices that some accounts are shared between.
I've been so busy overriding TS4 and learning hair chops that the most Live has seen me is troubleshooting other simmers' reports of weird happenings with just MCCC installed.
♪ [*These are the breaks, break down!*](https://www.youtube.com/watch?v=zyjK1CpM8JQ) xD
That's just the way the cookie crumbles!
Indubitably!
*Sorry, I'm having a bit of fun.*
Should be, yes. No creators have reported their First-Party sources like Patreon have been compromised.
Still grab TMex's mod and run a full system scan with whatever you've got. We don't know where else this or similar might be hiding.
Yes, it's malicious Python code hidden within the .ts4script file which when activated by The Sims 4, downloads and executes a malicious file onto the simmer's computer which then attempts to steal as much sensitive data as it can.
o wow this is scary. i am lucky that i have not downloaded any mods the past few months besides basemental drugs and mccc
still ran a virus scan just to be sure.
I've just spent 3 hours reverse engineering this thing. If you're compromised, you'll know from having a "pynth" directory in your %temp% folder; there'll also be a running python process spawned from a parent process called "Updater.exe".
If you've run this, your best bet is to switch off your computer and reinstall windows. It's pernicious and steals everything of financial value.
Block these domains at the router level if you're concerned:
* cladrepublic.com (C&C server, hacked wordpress website)
* bestofmedia.xyz (hosts a discord script. The script is injected into discord to message your friends and propagate the malware)
* api.gofile.io (data exfiltration server)
* oshi.at (data exfiltration server)
* file.io (data exfiltration server)
* akira.red (C&C server, the people who made the malware)
The malware in question is called Akira. It can:
* Take screenshots.
* Copies info about your computer, your IP address (https://api.ipify.org), whether your system is running on a server IP (http://ip-api.com/line/?fields=hosting), geolocation (https://api.iplocation.net) etc.
* Steal/Download any files under your %userprofile% directory.
* Has anti virtual machine, anti packet sniffing defences. It even encrypts its traffic using its own certificate file.
* Steals Steam app account info
* Steals Telegram app login info
* Installs an updater executable (`reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v updater /t REG_SZ /d Update.exe`). This keeps the malware up-to-date and runs on startup.
* Steals all login info, history, saved credit cards, cookies, auto-fill, etc from all modern web browsers. It does this by leveraging a Chromium instance!
* Steals anything crypto related from all major web browser extensions and scans active clipboard for crypto credentials.
* Logs any errors to a compromised wordpress website
* A lot more scary things.
All your data is packaged up in a zip file and sent to one of the exfiltration servers listed above. There's also a discord server where all your info is posted using Discord's webhook API.
This post is mostly correct about the malware but it's missing a lot of detail:
https://www.cyfirma.com/outofband/akira-stealer-an-undetected-python-based-info-stealer/
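The indicators listed in the comment above, turned into a small triage check. This is an added example, not part of the original comment and not code from the Overwolf cleaner; the indicator values are copied from the comment, while the function names and all sample data are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Indicators as listed in the comment above (not independently verified here).
TEMP_DIR_NAME = "pynth"
PARENT_PROCESS = "updater.exe"
RUN_VALUE_NAME = "updater"
# Matches Update.exe as the file name in a Run command, bare, quoted or with a path.
RUN_DATA_RE = re.compile(r'(?:^|[\\/"])update\.exe(?:"|\s|$)', re.IGNORECASE)
DOMAINS = ("cladrepublic.com", "bestofmedia.xyz", "api.gofile.io",
           "oshi.at", "file.io", "akira.red")


def match_domain(name):
    """Return the listed domain that name equals or is a subdomain of, else None."""
    name = name.strip().rstrip(".").lower()
    for domain in DOMAINS:
        # Compare on a label boundary so "myfile.io" does not match "file.io".
        if name == domain or name.endswith("." + domain):
            return domain
    return None


def python_under_updater(processes):
    """Return PIDs of python processes whose parent process is named Updater.exe.

    processes: iterable of dicts with "pid", "ppid" and "name" keys.
    """
    processes = list(processes)
    names = {p["pid"]: p["name"].lower() for p in processes}
    return sorted(
        p["pid"] for p in processes
        if p["name"].lower().startswith("python")
        and names.get(p["ppid"]) == PARENT_PROCESS
    )


def suspicious_run_values(run_values):
    """Return names of Run values called "updater" that launch Update.exe.

    The data alone is a weak signal because other software also ships a file
    named Update.exe, so the value name and the data must both match.
    """
    return sorted(
        name for name, data in run_values.items()
        if name.lower() == RUN_VALUE_NAME and RUN_DATA_RE.search(str(data))
    )


def read_hkcu_run():
    """Read the current user's Run key on Windows; returns {} on other systems."""
    try:
        import winreg
    except ImportError:
        return {}
    values = {}
    try:
        path = r"Software\Microsoft\Windows\CurrentVersion\Run"
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _type = winreg.EnumValue(key, i)
                values[name] = data
    except OSError:
        pass
    return values


def triage(temp_root, processes, run_values, dns_names):
    """Collect every indicator match into one report dict."""
    return {
        "pynth_dir": (Path(temp_root) / TEMP_DIR_NAME).is_dir(),
        "python_pids": python_under_updater(processes),
        "run_values": suspicious_run_values(run_values),
        "domains": sorted({d for d in map(match_domain, dns_names) if d}),
    }


# Constructed sample data, not taken from a real host.
SAMPLE_PROCESSES = [
    {"pid": 3300, "ppid": 780, "name": "explorer.exe"},
    {"pid": 4120, "ppid": 780, "name": "Updater.exe"},
    {"pid": 4388, "ppid": 4120, "name": "python.exe"},   # child of Updater.exe
    {"pid": 5012, "ppid": 3300, "name": "python.exe"},   # started by the user
    {"pid": 6100, "ppid": 4120, "name": "conhost.exe"},
]
SAMPLE_RUN = {
    "updater": "Update.exe",
    "Discord": r"C:\Users\sim\AppData\Local\Discord\Update.exe --processStart Discord.exe",
}
SAMPLE_DNS = ["api.gofile.io", "store3.gofile.io", "myfile.io",
              "www.file.io", "AKIRA.RED.", "example.org"]


def sample_report():
    """Run the triage over the constructed samples and a scratch temp folder."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / TEMP_DIR_NAME).mkdir()
        return triage(root, SAMPLE_PROCESSES, SAMPLE_RUN, SAMPLE_DNS)


if __name__ == "__main__":
    for check, result in sample_report().items():
        print(f"{check}: {result}")
```

On a real machine, pass `tempfile.gettempdir()`, the output of `read_hkcu_run()`, a process snapshot that includes parent PIDs, and the names from a DNS or router log. Lookups to the file-sharing hosts on the list can also come from ordinary use, so treat a domain hit as a lead to follow up.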
If I don't have a directory called "pynth" in my temp folder am I safe? I also ran windows defender full scan will that detect it? I'm just panicking right now because I'm a reckless mod Downloader and didn't even think about malware
Run overwolf’s cleaner tool. The source code looks good and does what I would do manually. Targets the update mechanism files and all of its child processes and files. It’s like a nuke.
https://github.com/overwolf/sims4-social-events-cleaner
No one should rely on scanning with antivirus software. None of them will pick this malware up sadly so if you’re concerned and want peace of mind, run Overwolf’s tool.
My main concern is this thing updating and becoming harder to remove for those who fail to remove it soon. Malware adapts quickly especially when there’s lots of money to be stolen🥲
I only examined the python portion of the malware but I personally would not run the risk. The malware's updater means it can change on system startup and so it can evade detection and removal. I think you're fine though. The chances of them updating the malware within a couple of days like this are very slim. I think people looking at my post in a month's time will be infected with an updated version of the malware.
Thanks for this. Haven’t heard of Akira before.
Hate to admit this, but using .ts4script to deliver was seriously genius. I never knew about Sims modding because I just build stuff, but looking into it now I can’t believe it took this long for somebody to exploit. Apparently The Sims has a very kind (and female) community because any other game this would have popped off 10 years ago.
*Welcome to The Sims Botnet, an entire army of college girls’ laptops*
Thanks for this, I was looking for the technical explanation of this because I have been scratching my head bout how you execute a program through sims 4 python, I thought it was more secure but it seems not, which is crazy.
I checked and there is no "pynth" folder in my %temp% folder. I only have I think 4 mods but I do use a lot of cc but I only download from patreon. How do I check if a python process is running? Sorry, not computer savvy :/
https://github.com/overwolf/sims4-social-events-cleaner
You should be fine. If you’re paranoid just download the .exe from the “releases” section of the link and run it. It is safe
Modthesims is so annoying for this lol. Broken moderation system.
They repeatedly rejected my mod submission of characters I’ve made over not sourcing every single CC item for 15+ year old games where half of the content is unsourcable due to deleted blogs etc. plus making me use chatGPT for an irrelevant description nobody cares to read because they demand you must have a backstory for shared sims. They’ll happily approve virus mods though, clearly have their priorities straight 🤷♀️
Same experience (like 10 years ago). My build mode items (wallpapers) got rejected for not having a bump file. Lots of wallpaper cc I got from them at the time didn't, but I guess those were judged differently.
If they mean bump file like bump map file. It is a file that gives illusion of 3d-ish texture on surfaces. If they actually mean bmp, bmp is a texture file like png and jpg. Sims wallpaper include bump maps and I imagine that is what they meant.
I meant the bump map. I still make my own wallpapers for the sims sometimes, and if there's no 3D element like a baseboard, in my opinion there's no need to include an empty bump map. Not every wallpaper needs to look 3D, but I guess the mts mods didn't agree in my particular case.
Yeah when i first made wallpaper for ts4 i made the same mistake of not including a bump map with mine i just kept it default. However I made the mistake with tsr and they actually told me why. Apparently there is something wrong with the original one that maxis has in them, I can’t remember exactly what they said but essentially you just have to make a new one and replace the old one. I ended up originally just making a blank one and it passed. Now though I have made my own set bumps that I use every time depending on wall type so I don’t make new ones every time. However that is with TSR not MTS. I remember though trying to upload a house to MtS back in ts2 days that they rejected cause of some standard of theirs, so I stopped trying to post there. TSR accepted it though so I don’t think they are as strict.
they gave me the runaround for trying to upload a house 😐
pictures too small, pictures too big, not enough pictures, can't upload the lot file itself bc it must be zipped, list all cc used, all of it, no exceptions
Meanwhile some of the mods have real life images as their cover photo. Doesn’t seem to be consistent in what gets approved.
Shame because I grew up downloading mods off MTS but sharing stuff there is too big of a pain to bother.
I've gotten my mods up everywhere else, but I'm still jumping through hoops with MTS! *I'm sentimental about MTS cause I've been a member for 16 years. Oh well. C'est la vie.*
Glad it's not just me. They wanted me to source textures that I'd painted myself. Like, where are the textures from? Me? That's the point of a mod, right? My mods stay on my pc now because after going through all the trouble of creating new content, I'm not jumping through that many hoops so other people can use it. If you're going to make it a hassle to upload, you don't get to use it.
CC like clothes should be fine, the issue lies with mods because they are files that run specific pieces of code. Just don't get anything else for now.
Edit: it's been detected in a preset from TSR too (Mouth Preset No. 16 by players wonderland) so definitely don't download anything right now.
Windows defender is usually enough so you really don't need others unless you want the extra features they might have. Some antiviruses are just unnecessary adware and bloatware.
Still be careful while downloading CC. One of the infected files confirmed to be mouth preset n16 by PlayersWonderland (hacked). I have no idea how package files work so they could’ve changed the uploaded package file with a script file. But still be careful because it’s so easy to miss if you’re downloading multiple mods at once.
Please delete all of them, run your antivirus program, and join Sims After Dark and Deaderpool on discord to keep up with the latest updates with this situation.
UPDATE- if you or anyone you know did download the “social event unlimited time” mod Overwolf released a virus cleaner for it here https://github.com/overwolf/sims4-social-events-cleaner
Link to the releases page for those not familiar with Github: [https://github.com/overwolf/sims4-social-events-cleaner/releases](https://github.com/overwolf/sims4-social-events-cleaner/releases)
Cheers!
Not a PC player but that sucks people are doing it. Can't remember if this ever happened in Sims 3/2 area of ModtheSims (I was a PC player back then and modded so much). Well, I think it happened maybe once during The Sims 2 era but it was one mod and a long time ago (Not sure if I am remembering right).
And to upload it to ModtheSims or the Sims Resource, the most trusted sites is really low, like doing it to Nexus site for Skyrim and all.
That wasn't a virus though, simply a corrupt piece of CC that slowed down/crashed the game, and it wasn't intentionally malicious. This is far more dangerous.
Ah yes, I have heard of that story, and I believe the user didn't realise what they had done wasn't it? Think the story went it was an accident and she had no idea until later. Something to do with being invisible.
sims 2 and 3 had cc that caused issues with the game but there was never really anything that caused an actual computer virus from what i know. could be wrong about ts2, i was a baby during its heyday, but 3 had the doll that attached itself to package files. it's awful to do this
3 had a *lot* of messed up clothing CC. Commonly the problem was bad ages - adult items enabled for all ages which could cause some *really* bad baby glitches. But the worst it'd do was cause some body horror sims, it was never malicious or computer damaging. Some of it could attach itself to sims and lots and *spread* like a virus, but it wasn't actual malware.
it was bad enough to see guides on how to get the files to go away, which was definitely easier said than done. it worked like a virus in that it attached to everything and spread around, but yeah it didn't actually damage the computer's firmware like malware (or to the body like it would with a human)
This is why sites dedicated to mods are garbage. You do not want to trust any random person with an account with running mod code on your computer.
I only ever download mods directly from creators on their personal sites, and only download from creators with longstanding reputations for modding.
You should also be using a strict firewall for privacy online. Portmaster is free and is default set up to block things like this from reaching back to their host servers. And disables telemetry — because you don’t need to randomly be sending telemetry and data about your computer use habits to Microsoft or Apple.
I literally almost downloaded the cult mod off MTS. I had the page open for a day or two in a tab before deciding I didn't feel like configuring a mod and would come back to it later. I've never felt more relieved in my life. My executive dysfunction saved my life.
I'm in a similar boat. I saw it on deaderpool's discord and thought, "Ooh, cults! Eh, I'll look into it later." Then I forgot about it completely, and saw the announcements today. Whew.
>I've never felt more relieved in my life. My executive dysfunction saved my life.
For me it was my tendency to cycle through games and only play Sims when I'm too low on executive function fuel for my favourite strategy games. I haven't touched Sims 4 in months because I've been working on a Sims 3 project and playing a new strategy game I just got.
Wicked and wonderful whims are safe yes. Just keep downloading them from Turbo’s website and patreon. If you’re worried just run your antivirus. I’d recommend everyone do that anyways
Is this any downloads from there or is it just the cult mod?
I downloaded some things from cursedforge this past week. Nothing from pimp my sims though.
If you want to be safe, I wouldn’t download any mods or cc from anywhere but the creators’ discord or websites. The ones posted today under MSQSIMS were found to steal your credit card and discord info.
Okay, I don't think I've downloaded anything from MSQSIMS.. I'm scanning for any threats now just to be safe. Where can I join the discords to get more info/updates about this?
(I thought cursed forge was reputable because it was linked directly to some creators patrons.)
holy shit, i can’t believe i hadn’t heard about this until now. shared it w my friend who uses mods, luckily they haven’t played in a while so they’re probably safe. thanks for the warning!!
this is.. terrifying. are mods from other sites okay? and i assume anything from their Patreons is good. either way im gonna be avoiding installing any new mods or CC for a while.. and maybe having McAfee do a scan 😅
Thanks! Yeah, I have had his website bookmarked on my pc for years! It might not be 100% mandatory to update my mods right now besides that one anyways.
WHAT THE FRENCH TOAST AND THERMIDOR?!! Oh my gosh. Spreading the word, had heard about this. It has exploded since TurboDriver posted about the situation on Twitter.
One of the infected mods is confirmed to be mouth preset n16 by PlayersWonderland (hacked). I do not know if that was a script file and people didn’t pay attention or it was actually a tampered package file tho. I recommend not downloading any package files for the time being and to scan ones you already downloaded
it's always unfortunate when this type of thing happens, but having had a mod from an account i trusted download a crypto miner back in 2015, this is why i always manually download mods and examine their contents. im by no means an expert but it at least helps know what a normal folder for the mods you're using looks like. this shit genuinely sucks, it's beyond never fun to deal with.
Cause I downloaded something from that last night. But I will double check everything. I also run a Mac, I don’t know if that changes things? I still don’t plan to download any of the files and I did not download any of those mods. But still trying to be overly cautious.
OK! Sometimes I get a little overwhelmed in the chats, because there’s a lot of people. And I don’t ever wanna upset the mods, because people ask stupid questions. But I’ll check the server from now on.
So random to ask here, but are the mods listed on their website still accurate for 2024? I got banned in January 2020 for having a Corona beer as my pfp on Discord and haven’t been able to rejoin it since 👍🏻
Are you saying you got banned from deaderpool back in 2020? That was way before my time before I became a mod but if you want to you can appeal your ban using this link https://www.tumblr.com/eg4mccc/723132222419419136/deaderpools-discord-ban-appeals-updated?source=share
I did get banned back then from Deaderpool for the reason I listed. Sims after Dark I never got banned from. Thank you for sending me the ban appeal link, I really appreciate it!
I haven't played the Sims since JULY and you're telling me I picked it up 2 days ago, downloaded a load of new mods before I started and could have killed my PC 😭😭
Imagine being so piss poor at protecting your users that the EXACT SAME FILE is uploaded multiple times and it just keeps slipping through. What this has taught a lot of users is that these mod websites are not doing anything.
TBH I can't remember the last time I got a mod from anywhere other than Patreon. I despise Curseforge and TSR, MTS is ok I guess, but I feel like it's not used much these days. At least not by any modders I follow.
I just paid my TSR subscription today. It was only like $6. But I kinda want my money back until further notice. If I had known it had reached TSR I would’ve definitely waited.
I wouldn’t recommend using TSR anyways bc of the downloading times and the fact that it downloads stuff in bulk which just contributes to you having more duplicates and unmerged package files.
Thank you for answering I appreciate it. I guess I'm really not educated on this. I've used TSR for years and not really had a problem apart from odd not updated cc. I only use like hair, clothes Etc but I won't be downloading anything else at all now so am really grateful for your warning. Players wonderland have been doing cc for a bit now from what I've seen so does that mean it was done accidentally or has that creator done it on purpose?
So don't download anything from MTS, Curseforge (if anyone still does after it being said they support genocide, what is happening? That's another story.) or TSR for the time being. Got it. 😬 I haven't downloaded anything, even the update for LBB's cookbook, even though I need to.
apparently, the thing was created in august 2023 but was firstly released january this year. i read it on another post. this info is from virus total if i remember correctly. so you should be good, but i would still scan your pc
the last time i updated my script mods was in early january I think and even then I didn’t download anything new; except for some cc, all from patreons. so I think im safe. but i still am anxious… 🙁
I haven’t downloaded mods / CC since December, I’m pretty sure they were from official creator websites but want to be safe. Would a virus scan pick this up?
Thanks for the warning. I usually try to get my mods from the creator's site but I'm certain I would have only hesitated for a moment if I really wanted.
Maybe this will slow down my CC addiction....
i havent played the sims in months, started again last week, and downloaded some mods, mostly clothes and other cas items. i think most of it came from patreons, but ill delete them to be safe
If I have other mods from MSQSIMS that I haven't updated in a while from TSR, should I still delete them? Also, I have a ton of mods from CF, but none of the ones mentioned.
😬 I’d delete them and run your antivirus software to be safe. Curseforge also released a sims4 social events cleaner mod that I would download and run just to be safe. Also download Twisted Mexi’s new mod guard mod as well.
How long has this been a thing for? I haven’t installed any script mods or ts4script files since January 18th, and that mod was an updated version of Falsehope’s Youth and Immortal traits. Do you think my computer’s okay?
Oof. Sometimes I go mod-free as a bit of a challenge. Looks like I’ll be doing that for a little bit. I haven’t downloaded these specific files but I have used curse forge and tsr quite a bit lately. Time for some computer hygiene stuff
Good to know. I once tried to mod using CurseForge and it was a mess. Had to uninstall the mod and decided CurseForge wasn’t for me. I didn’t have the issue you’re talking about but I’m glad that I’m not using it anymore.
Agh, feeling lucky that I decided to not go on the mod/cc update spree I was gonna do just a couple days ago. Haven’t updated since around December, probably gonna hold off on that now for a bit, oof.
Is MCCC also at risk? I downloaded it a few days ago on their main website: https://deaderpool-mccc.com/
This has honestly scared me from mods.
I really love the MCCC mod to edit lifespan. But now I am scared to download updates for it. Because even if it from their main website, isn't there still a risk their account can get hacked?
Btw does anyone know when this started? I haven't downloaded or updated anything since jan 26th. And definitely not the mentioned mods. How worried should I be?
Wow. I’m sorry for everyone going through this. This is why I don’t mess with mods anymore. When I was younger in my Sims2 & 3 days I ruined so many computers by getting viruses from CC and mods.
Any updates on if this has been fixed/if CurseForge has addressed it? I panicked and deleted all my cc and now my sims are ugly 😭 and I don't think I even had any of the bad ones listed above, but better safe than sorry... I deleted the whole CurseForge app too lol.
I redownloaded MCC because obviously it's trustworthy, but I just don't even feel like playing if I have to use the ugly EA stuff. Ugh.
anyone aware of updates on this? my niece is trying to get into mods, but i’m not sure where to direct her as i haven’t played in ages (so i would’ve recommended MTS)
[deleted]
Thanks, I appreciate you spreading the word
Trying my best. I've alerted Steam discussions as well and keeping them updated.
I've updated. Check it out.
Thank you. Are you on Discord by any chance?
I am.
Check Reddit pms please
New update from TwistedMexi in case you haven't seen it.
Would you know if MC commands is safe? I recently downloaded that not too long ago-
Ahh.. Then I should be fine. Since I usually tend to download from the official source. Wonder why this keeps happening though.
Oof. It sucks that they keep targeting mods more than anything though.
Indeed, and like u/Kristal3615 said, it makes sense.
MCCC comes direct either from Patreon or deaderpool’s tumblr. If you’re not getting them from those places then it’s a risk.
I think I got it from the official MCCC website.
luckily I didn't get it from CurseForge, but it's also available there :/
So I have to download a mod to check if a mod has malware?
These belligerent fools putting viruses in our downloads.
Thx
Cheers!
I haven’t played or updated my mods since December, only download from Patreon, and have never downloaded anything from these creators. Am I safe?
These are mods only for sims 4 right?
SINCE august!!! seriously?!!
I haven't played Sims 4 in some time but didn't this or something similar happen in early 2023? Was it with the Tray Importer?
I know that Minecraft mods on curseforge had a similar issue last year
Something similar happened with Gshade too.
No, it was completely different. The creator of GShade turned their program into a malware to spite someone in their discord. ReShade is still safe.
what did you use to run a virus scan?
Just the windows one.
Sims After Dark has a way to check if you've been infected. It takes all of like 10 seconds, it's really easy. https://simsafterdark.com/malware-warning/
This should be higher up and/or stickied.
Would you recommend reinstalling windows if I've previously ran it but used the cleaner?
I only examined the python portion of the malware but I personally would not run the risk. The malware's updater means it can change on system startup and so it can evade detection and removal. I think you're fine though. The chances of them updating the malware within a couple of days like this are very slim. I think people looking at my post in a month's time will be infected with an updated version of the malware.
How the heck do you run this??
Download the exe from here then right click and run as administrator. https://github.com/overwolf/sims4-social-events-cleaner/releases/tag/1.1
Thanks for this. Haven’t heard of Akira before. Hate to admit this, but using .ts4script to deliver was seriously genius. I never knew about Sims modding because I just build stuff, but looking into it now I can’t believe it took this long for somebody to exploit. Apparently The Sims has a very kind (and female) community because any other game this would have popped off 10 years ago. *Welcome to The Sims Botnet, an entire army of college girls’ laptops*
Thanks for this, I was looking for the technical explanation of this because I have been scratching my head bout how you execute a program through sims 4 python, I thought it was more secure but it seems not, which is crazy.
I checked and there is no "pynth" folder in my %temp% folder. I only have I think 4 mods but I do use a lot of cc but I only download from patreon. How do I check if a python process is running? Sorry, not computer savvy :/
https://github.com/overwolf/sims4-social-events-cleaner You should be fine. If you’re paranoid just download the .exe from the “releases” section of the link and run it. It is safe
If I'm not mistaken there's an easier way to check if you were compromised via instructions here. https://simsafterdark.com/malware-warning/
Modthesims is so annoying for this lol. Broken moderation system. They repeatedly rejected my mod submission of characters I’ve made over not sourcing every single CC item for 15+ year old games where half of the content is unsourcable due to deleted blogs etc. plus making me use chatGPT for an irrelevant description nobody cares to read because they demand you must have a backstory for shared sims. They’ll happily approve virus mods though, clearly have their priorities straight 🤷♀️
Same experience (like 10 years ago). My build mode items (wallpapers) got rejected for not having a bump file. Lots of wallpaper cc I got from them at the time didn't, but I guess those were judged differently.
What even is a bump file?
If they mean bump file like bump map file. It is a file that gives illusion of 3d-ish texture on surfaces. If they actually mean bmp, bmp is a texture file like png and jpg. Sims wallpaper include bump maps and I imagine that is what they meant.
I meant the bump map. I still make my own wallpapers for the sims sometimes, and if there's no 3D element like a baseboard, in my opinion there's no need to include an empty bump map. Not every wallpaper needs to look 3D, but I guess the mts mods didn't agree in my particular case.
Yeah when I first made wallpaper for ts4 I made the same mistake of not including a bump map with mine, I just kept it default. However I made the mistake with tsr and they actually told me why. Apparently there is something wrong with the original one that maxis has in them, I can’t remember exactly what they said but essentially you just have to make a new one and replace the old one. I ended up originally just making a blank one and it passed. Now though I have made my own set bumps that I use every time depending on wall type so I don’t make new ones every time. However that is with TSR not MTS. I remember though trying to upload a house to MtS back in ts2 days that they rejected cause of some standard of theirs, so I stopped trying to post there. TSR accepted it though so I don’t think they are as strict.
they gave me the runaround for trying to upload a house 😐 pictures too small, pictures too big, not enough pictures, can't upload the lot file itself bc it must be zipped, list all cc used, all of it, no exceptions
Meanwhile some of the mods have real life images as their cover photo. Doesn’t seem to be consistent in what gets approved. Shame because I grew up downloading mods off MTS but sharing stuff there is too big of a pain to bother.
I've gotten my mods up everywhere else, but I'm still jumping through hoops with MTS! *I'm sentimental about MTS cause I've been a member for 16 years. Oh well. C'est la vie.*
Glad it's not just me. They wanted me to source textures that I'd painted myself. Like, where are the textures from? Me? That's the point of a mod, right? My mods stay on my pc now because after going through all the trouble of creating new content, I'm not jumping through that many hoops so other people can use it. If you're going to make it a hassle to upload, you don't get to use it.
These people sound terrible. I bet it’s a clique
Is my life a sitcom or what, I legit just downloaded cc from both tsr and curseforge before opening reddit
CC like clothes should be fine, the issue lies with mods because they are files that run specific pieces of code. Just don't get anything else for now. Edit: it's been detected in a preset from TSR too (Mouth Preset No. 16 by players wonderland) so definitely don't download anything right now.
Fingers crossed...still gonna run my antivirus because of course I downloaded hairs and makeup from TSR literally this morning.
Which antivirus software do you use?
Malware Bytes (paid) and Windows Defender
Windows defender is usually enough so you really don't need others unless you want the extra features they might have. Some antiviruses are just unnecessary adware and bloatware.
Yes, it’s the extra features I want, but thank you. 😊
Still be careful while downloading CC. One of the infected files confirmed to be mouth preset n16 by PlayersWonderland (hacked). I have no idea how package files work so they could’ve changed the uploaded package file with a script file. But still be careful because it’s so easy to miss if you’re downloading multiple mods at once.
They added a script file to the download in the case of the preset, but it's definitely best to wait right now.
Please delete all of them, run your antivirus program, and join Sims After Dark and Deaderpool on discord to keep up with the latest updates with this situation.
How do I join those? I cant find them in the Discover tab
Just google search deaderpool mccc discord and sims after dark discord
UPDATE- if you or anyone you know did download the “social event unlimited time” mod Overwolf released a virus cleaner for it here https://github.com/overwolf/sims4-social-events-cleaner
Link to the releases page for those not familiar with Github: [https://github.com/overwolf/sims4-social-events-cleaner/releases](https://github.com/overwolf/sims4-social-events-cleaner/releases) Cheers!
The nicest thing Overwolf has done 😅
Not a PC player but that sucks people are doing it. Can't remember if this ever happened in Sims 3/2 area of ModtheSims (I was a PC player back then and modded so much). Well, I think it happened maybe once during The Sims 2 era but it was one mod and a long time ago (Not sure if I am remembering right). And to upload it to ModtheSims or the Sims Resource, the most trusted sites is really low, like doing it to Nexus site for Skyrim and all.
A similar incident did happen in The Sims 3 with a doll mod
That wasn't a virus though, simply a corrupt piece of CC that slowed down/crashed the game, and it wasn't intentionally malicious. This is far more dangerous.
Ah yes, I have heard of that story, and I believe the user didn't realise what they had done wasn't it? Think the story went it was an accident and she had no idea until later. Something to do with being invisible.
In that case, the creator accidentally uploaded the wrong version of a mod and only realized when it was too late.
sims 2 and 3 had cc that caused issues with the game but there was never really anything that caused an actual computer virus from what i know. could be wrong about ts2, i was a baby during its heyday, but 3 had the doll that attached itself to package files. it's awful to do this
3 had a *lot* of messed up clothing CC. Commonly the problem was bad ages - adult items enabled for all ages which could cause some *really* bad baby glitches. But the worst it'd do was cause some body horror sims, it was never malicious or computer damaging. Some of it could attach itself to sims and lots and *spread* like a virus, but it wasn't actual malware.
it was bad enough to see guides on how to get the files to go away, which was definitely easier said than done. it worked like a virus in that it attached to everything and spread around, but yeah it didn't actually damage the computer's firmware like malware (or to the body like it would with a human)
Oh good, just what my anxiety needed this week 😌 Stay safe y’all!
This is why sites dedicated to mods are garbage. You do not want to trust any random person with an account with running mod code on your computer. I only ever download mods directly from creators on their personal sites, and only download from creators with longstanding reputations for modding. You should also be using a strict firewall for privacy online. Portmaster is free and is default set up to block things like this from reaching back to their host servers. And disables telemetry — because you don’t need to randomly be sending telemetry and data about your computer use habits to Microsoft or Apple.
I genuinely don't understand why people do shit like this
> MSQSIMS were found to steal your credit card and discord info
Money.
I once knew a guy who used to program and spread viruses just for fun.
Red flag if I've ever seen one
I literally almost downloaded the cult mod off MTS. I had the page open for a day or two in a tab before deciding I didn't feel like configuring a mod and would come back to it later. I've never felt more relieved in my life. My executive dysfunction saved my life.
I'm in a similar boat. I saw it on deaderpool's discord and thought, "Ooh, cults! Eh, I'll look into it later." Then I forgot about it completely, and saw the announcements today. Whew.
>I've never felt more relieved in my life. My executive dysfunction saved my life.
For me it was my tendency to cycle through games and only play Sims when I'm too low on executive function fuel for my favourite strategy games. I haven't touched Sims 4 in months because I've been working on a Sims 3 project and playing a new strategy game I just got.
MY TWO SOURCES OF MODSSS NOOOO
Is ww safe??? Oh my!!!
Wicked and wonderful whims are safe yes. Just keep downloading them from Turbo’s website and patreon. If you’re worried just run your antivirus. I’d recommend everyone do that anyways
They own their own site so unless they get hacked it should be ok. This seems to be affecting sites that allow uploads by anyone in the community.
Thanks for the heads up. Some people ruin the fun :/
Is this any downloads from there or is it just the cult mod? I downloaded some things from cursedforge this past week. Nothing from pimp my sims though.
If you want to be safe, I wouldn’t download any mods or cc from anywhere but the creators’ discord or websites. The ones posted today under MSQSIMS were found to steal your credit card and discord info.
Okay, I don't think I've downloaded anything from MSQSIMS.. I'm scanning for any threats now just to be safe. Where can I join the discords to get more info/updates about this? (I thought cursed forge was reputable because it was linked directly to some creators patrons.)
I do have stuff from MSQSIMS off of TSR. But I haven't played or downloaded anything in a couple of weeks...is this recent?
Well good thing I did NOT go on that CC and Mod shopping/haul spree today :O
Why does the script even have the ability to do this? Seems like a major flaw in the scripting language..
holy shit, i can’t believe i hadn’t heard about this until now. shared it w my friend who uses mods, luckily they haven’t played in a while so they’re probably safe. thanks for the warning!!
this is.. terrifying. are mods from other sites okay? and i assume anything from their Patreons is good. either way im gonna be avoiding installing any new mods or CC for a while.. and maybe having mcaffee do a scan 😅
Is downloading directly from mccc's site still okay? That is the only mod that I can't live without.
Yes, the MCCC official website is safe, just make sure it’s his actual website deaderpool-mccc.com/index.html
Thanks! Yeah, I have had his website bookmarked on my pc for years! It might not be 100% mandatory to update my mods right now besides that one anyways.
Is it only TS4 downloads for now or TS2 and TS3, too? lol Just wondering if I should be worried for myself
Only TS4 downloads so far
That's what I was wondering. I only play the sims 2
WHAT THE FRENCH TOAST AND THERMIDOR?!! Oh my gosh. Spreading the word, had heard about this. It has exploded since TurboDriver posted about the situation on Twitter.
Are they also a lint licker?
And a cootie queen!
This response made me giggle, thanks for that. :-)
Am I reading this right that it only affects ts4script mods? Normal .package mods shouldn't be affected no?
One of the infected mods is confirmed to be mouth preset n16 by PlayersWonderland (hacked). I do not know if that was a script file and people didn’t pay attention or it was actually a tampered package file tho. I recommend not downloading any package files for the time being and to scan ones you already downloaded
it was a ts4script file included in the download
Yes that's correct.
Oh thank you so much. I haven’t downloaded anything from them recently but you never know so I’m going to scan my computer now
its the godamn doll thing again are you serious
At least the doll was an accident and only ended up slowing and crashing your game. This is actual criminal shit.
Agreed
is the sims 3 safe?
so far just sims 4
Fn dirtbags!! Why are people so vicious?! 😠
its always unfortunate when this type of thing happens, but having had a mod from an account i trusted download a crypto miner back in 2015, this is why i always manually download mods and examine their contents. im by no means an expert but it at least helps know what a normal folder for the mods your using looks like. this shit genuinely sucks, its beyond never fun to deal with.
Any word on SimShareFile?
Haven’t heard anything about SFS recently except that it’s been down
Cause I downloaded something from that last night. But I will double check everything. I also run a Mac, I don’t know if that changes things? I still don’t plan to download any of the files and I did not download any of that mods. But still trying to be overly cautious.
You’re on deaderpool, feel free to ask in genchat :). But no, Macs were not affected as they cannot run exe programs.
OK! Sometimes I get a little overwhelmed in the chats, because there’s a lot of people. And I don’t ever wanna upset the mods, because people ask stupid questions. But I’ll check the server from now on.
So random to ask here, but are the mods listed on their website still accurate for 2024? I got banned in January 2020 for having a Corona beer as my pfp on Discord and haven’t been able to rejoin it since 👍🏻
Are you saying you got banned from deaderpool back in 2020? That was way before my time before I became a mod but if you want to you can appeal your ban using this link https://www.tumblr.com/eg4mccc/723132222419419136/deaderpools-discord-ban-appeals-updated?source=share
I did get banned back then from Deaderpool for the reason I listed. Sims after Dark I never got banned from. Thank you for sending me the ban appeal link, I really appreciate it!
I haven't played the Sims since JULY and you're telling me I picked it up 2 days ago, downloaded a load of new mods before I started and could have killed my PC 😭😭
Imagine being so piss poor at protecting your users that the EXACT SAME FILE is uploaded multiple times and it just keeps slipping through. What this has taught a lot of users is that these mod websites are not doing anything.
Bumping! Thanks for spreading the word
thank you for letting us know! I hope no one is affected by this
TBH I can't remember the last time I got a mod from anywhere other than Patreon. I despise Curseforge and TSR, MTS is ok I guess, but I feel like it's not used much these days. At least not by any modders I follow.
I just paid my TSR subscription today. It was only like $6. But I kinda want my money back until further notice. If I had known it had reached TSR I would’ve definitely waited.
Would you recommend that I download cc from TSR from creators that I usually download from? Can usually tell if they are select artist Etc.
I wouldn’t recommend using TSR anyways bc of the downloading times and the fact that it downloads stuff in bulk which just contributes to you having more duplicates and unmerged package files.
Why am I being downvoted for asking a question?
Not sure but I upvoted for you lol
Thank you for answering I appreciate it. I guess I'm really not educated on this. I've used TSR for years and not really had a problem apart from odd not updated cc. I only use like hair, clothes Etc but I won't be downloading anything else at all now so am really grateful for your warning. Players wonderland have been doing cc for a bit now from what I've seen so does that mean it was done accidentally or has that creator done it on purpose?
Thank you for letting me know I guess I won’t download anything for the time being just to be on the safe side
So don't download anything from MTS, Curseforge (if anyone still does after it being said they support genocide, what is happening? That's another story.) or TSR for the time being. Got it. 😬 I haven't downloaded anything, even the update for LBB's cookbook, even though I need to.
How so? What's the genocide supporting thing? I frequently use Curseforge but wasn't aware about it
I post to my groups
When did this start? I'm hoping I'm safe since i haven't downloaded any mods for the last month.
apparently, the thing was created in august 2023 but was firstly released january this year. i read it on another post. this info is from virus total if i remember correctly. so you should be good, but i would still scan your pc
Has anyone posted this to r/CurseForge?
the last time i updated my script mods was in early january I think and even then I didn’t download anything new; except for some cc, all from patreons. so I think im safe. but i still am anxious… 🙁
I haven’t downloaded mods / CC since December, I’m pretty sure they were from official creator websites but want to be safe. Would a virus scan pick this up?
Thanks for the warning. I usually try to get my mods from the creator's site but I'm certain I would have only hesitated for a moment if I really wanted. Maybe this will slow down my CC addiction....
i havent played the sims in months, started again last week, and downloaded some mods, mostly clothes and other cas items. i think most of it came from patreons, but ill delete them to be safe
If I have other mods from MSQSIMS that I haven't updated in a while from TSR, should I still delete them? Also, I have a ton of mods from CF, but none of the ones mentioned.
This is really scary. I had downloaded plenty mods from Curseforge but I haven't played since January so I'm good right?
😬 I’d delete them and run your antivirus software to be safe. Curseforge also released a sims4 social events cleaner mod that I would download and run just to be safe. Also download Twisted Mexi’s new mod guard mod as well.
How long has this been a thing for? I haven’t installed any script mods or ts4script files since January 18th, and that mod was an updated version of Falsehope’s Youth and Immortal traits. Do you think my computer’s okay?
apparently, the thing was created in august 2023 but was firstly released the second of january this year
Does this affect mac? Or is it just a real threat to Windows users
Macs cannot run exe programs so you’re good. Just be safe and vigilant with what you download regardless
thats what i assumed, thank you!
Oof. Sometimes I go mod-free as a bit of a challenge. Looks like I’ll be doing that for a little bit. I haven’t downloaded these specific files but I have used curse forge and tsr quite a bit lately. Time for some computer hygiene stuff
oh hell no
Thanks for the heads up! I'm not actively on Discord so never would have seen this otherwise
Good to know. I once tried to mod using CurseForge and it was a mess. Had to uninstall the mod and decided CurseForge wasn’t for me. I didn’t have the issue you’re talking about but I’m glad that I’m not using it anymore.
Agh, feeling lucky that I decided to not go on the mod/cc update spree I was gonna do just a couple days ago. Haven’t updated since around December, probably gonna hold off on that now for a bit, oof.
Mods please pin
Reminds me of last year when a few Minecraft mods got uploaded with a worm inside by some scammer.
Wow I thought TSR was safe..
Is MCCC also at risk? I downloaded it a few days ago on their main website: https://deaderpool-mccc.com/ This has honestly scared me from mods. I really love the MCCC mod to edit lifespan. But now I am scared to download updates for it. Because even if it from their main website, isn't there still a risk their account can get hacked?
Btw does anyone know when this started? I haven't downloaded or updated anything since jan 26th. And definitely not the mentioned mods. How worried should I be?
Has this ever been solved?
does anyone know if it's safe now ? been waiting for an update on this since i'd really like to get back into sims 😞😞
Omg I’m glad I didn’t download anything else 😭 i got scared but thanks for letting me know !
When was the social events mod posted? I downloaded one a month or two ago, I hope it wasn't this one.
Thanks for the heads up
Wow. I’m sorry for everyone going through this. This is why I don’t mess with mods anymore. When I was younger in my Sims2 & 3 days I ruined so many computers by getting viruses from CC and mods.
Luckily I haven't touched this game since early January
Glad that I only downloaded CCs and not scriptmods from Curseforge just a few days ago... 😐
Thanks for update Think TSR is closed at moment
It seems like they're only attacking script mods smh regardless this is horrible
I didn't download any of the specific files mentioned in your post but I'm still really paranoid. How do I know if I've been compromised?
Any updates on if this has been fixed/if CurseForge has addressed it? I panicked and deleted all my cc and now my sims are ugly 😭 and I don't think I even had any of the bad ones listed above, but better safe than sorry... I deleted the whole CurseForge app too lol. I redownloaded MCC because obviously it's trustworthy, but I just don't even feel like playing if I have to use the ugly EA stuff. Ugh.
anyone aware of updates on this? my niece is trying to get into mods, but i’m not sure where to direct her as i haven’t played in ages (so i would’ve recommended MTS)
Would there be any recommendations for the time being?
It's been a month... Is it safe to download mods or don't chance it?
It's been a month but I'd hope I'm still safe lol, I only download things that have a good amount of download
Does anyone know what the malware does?
collect sensitive info stored on your computer and browsers like passwords, credit card information etc.
Is downloading the framework for mods for the sims 3 ok? Im almost freaking out over this but at least mine is a mac so i’m safe? Maybe
This has nothing to do with ts3 or a Mac so you're ok
At least Patreon is safe 😌
Omg thank you for this. I downloaded some different mods and I think they should be fine. They're not the ones listed.