Rogue GTA 5 mods carry password-stealing malware

“Gamers who choose to play Grand Theft Auto V (GTA 5) on their PC should be carefull not to install two game mods that have been found to be bundled with malware.

According to thread on the GTA forums, the two mods in question are Angry Planes and No-Clip.

Both mods have been found to install a file named fade.exe, which is now detected as malicious by many antivirus programs, but was initially detected as such only by 3.

According to the analysis effected by one of the players who downloaded and installed Angry Planes, the mod installs RAT onto the target computer, and its various modules can be used by the malware authors to steal Facebook, Twitch, Steam and Messenger.com credentials and spam users of those services, steal session cookies, make the machine participate in a UDP flood attack, and more.

More technical details about the malware can also been found here.

If you downloaded and used one of these two mods and played GTA V with them, check your computer for traces of this malware and remove the malicious files you find (see here what to search for). Then go and change all your passwords, log out of your active sessions and log back in to invalidate the existing sessions.

Even if you don’t find evidence of any infection, you can execute the password changing and session termination just in case. Also, now is a good idea to consider start using a password manager and stom making your browser save your passwords.

“Gamers need to be cautious when installing mods onto their computers, especially those that havent gone through any sort of quality check. Always make sure to scan a mod using anti-malware software before installing it to make sure you stay safe,” Malwarebytes’ Joshua Cannell advises.”