- We have conducted a specific, thorough scan of other files on the Paradox Mods platform for this malicious file, and no other mods appear to have it.
- We have worked in close cooperation with the author of the affected Mod “Traffic” to ensure their account is secure and no further tampering should occur with their work.
- We are working to determine the nature of this .dll, and we will update you as soon as possible. In the meantime, please take the following steps as soon as possible to secure your system:
- If you have not played with the Traffic mod and have not subscribed nor downloaded it, there should be no risk to your system and nothing you need to do.
- If you have the Traffic mod and have not played Cities: Skylines 2 between Monday and today, let the mod sync as normal, and the malicious file should be deleted automatically. Please still scan your system with an anti-malware program like Windows Defender.
- If you have played using the affected version, please check your local files. If you have any malicious files installed, you will find them here; %AppData%\LocalLow\Colossal Order\Cities Skylines II\.cache\Mods\mods_subscribed\80095_13.
- Note that it is only specifically the 80095_13 folder that will contain malicious files; if you do not see this folder, you do not have the compromised version of the mod.
- If you do locate this folder, use an antivirus or antimalware program to quarantine it and/or remove it from your system, and run a thorough scan of your drives.
- As a precaution, we recommend changing your passwords.
- We will be going through all files uploaded to Paradox Mods and see if any other mods have had unexpected updates.
- We have contacted the modder whose mod was compromised and discussed our recommended steps to secure their account. They have updated Traffic to a safe version, so anyone playing with version v.0.2.4 is playing with a safe version.
- Paradox Mods will receive an update that notifies modders when their mods have been updated so that creators are quickly alerted to changes they have not personally made.
- We have conducted a specific, thorough scan of other files on the Paradox Mods platform for this malicious file, and no other mods appear to have it.
- We have worked in close cooperation with the author of the affected Mod “Traffic” to ensure their account is secure and no further tampering should occur with their work.
- We have engaged a team of IT experts to analyze the malicious file and better understand any current and subsequent risks it may pose.