Just some advice to everyone, if you downloaded a mod that looks like it had quite some effort put into it then it is most likely not harmful to your computer. Mods that download malware are made by authors hired by malware companies. These corrupt modders usually make a lot of mods, all of which do simple things. For example, angry planes is a very simple script that screws with the planes in GTA 5. Since the goal of this corrupt modder is to get peoples information, they won't put much effort into the actual mod itself. Just be careful what you download guys. There are probably other mods with malware that are yet to be discovered

Just some advice to everyone, if you downloaded a mod that looks like it had quite some effort put into it then it is most likely not harmful to your computer. Mods that download malware are made by authors hired by malware companies. These corrupt modders usually make a lot of mods, all of which do simple things. For example, angry planes is a very simple script that screws with the planes in GTA 5. Since the goal of this corrupt modder is to get peoples information, they won't put much effort into the actual mod itself. Just be careful what you download guys. There are probably other mods with malware that are yet to be discovered

​

So would Interiors mod be included in that? it seems like it had effort put into it.

Angry Planes seemingly had effort put into it. It was actually a pretty highly recommended mod.

​

So would Interiors mod be included in that? it seems like it had effort put into it.

​Most likely not. Alex (The maker of script-hook) said it was probably fine, and it has 30 whole locations added. If it was made by a corrupt modder, it would be more like 10 places. Plus some places teleport you in, which is some extra effort that a corrupt modder would not do. I trust Open Interiors, there isn't enough evidence to say that it is a malware mod

Frankly shocked this hasn't happened sooner. Perhaps for now, only download mods from reputable sources and authors.

We'll be stepping up security on LCPDFR.com, including a full re-scan of our entire file database and a resumption of showing anti-virus scan results next to all files.

​That would probably help explain why there was a Service Announcement regarding some downloads being unavailable yesterday.

Angry Planes seemingly had effort put into it. It was actually a pretty highly recommended mod.

​Well, to be honest, I never downloaded the mod. And I'm pretty sure that the script is simple, it just has a cool outcome. I should rephrase myself when I say that little effort is put in. Effort is put in, but not as much as a modder who actually cares about their mod. But don't quote me on my theory of how corrupt mods work, because I don't actually know. I'm just giving an educated guess

<snip>

Edited August 2, 201510 yr by AlconH

What?! "Malware Companies". Is that a joke?

There are hackers that create malware, sometimes teams of them, but no "companies". A company is defined as a commercial business. There are no such things as "Malware Companies". 

​

I really wouldn't use that as a basis to determine if a file has malware inside it. I'm sure you can find plenty of files online that contain viruses but also offer a genuine program as a front. Saying "it's had loads of effort into it, therefore it's clean" it's absolutely ridiculous. If someone is skilled enough and able to put a high amount of time into a piece of malware that is only detected by a quarter of AV systems, they're most definitely able to put some time into a GTA mod to decrease suspicions.

If I were to create a piece of malware, and spend weeks creating it so that it could not be detected by AV systems, you think I'd then only spend 30 minutes creating a mod? No, I'd spend just as long on the mod, so that more people download it, and no-one would even consider that there be a virus within it.

A mod with good reviews and recommendations will get a shit ton more downloads than a poorly created mod with low ratings and negative comments.

By malware companies, I meant a group of hackers. Bad wording on my part. And these groups are most likely doing it the way I said. As I said before, effort is put in to make it look like a genuine mod. And these hackers are not hacking the website and altering the ASI files, that I can pretty much guarantee. That requires a lot of effort for something that most likely would never even work. Either these groups are paying off modders, or are just making the mods themselves

Edited May 16, 201510 yr by moncool17

I see no wonder I got a random notication from AVG of a trojan or malware when I was playing GTA 5, I guess it was the angry planes mod well thank god for AVG.

I see no wonder I got a random notication from AVG of a trojan or malware when I was playing GTA 5, I guess it was the angry planes mod well thank god for AVG.

You may not be entirely safe. If AVG only detected the ASI, chances are that you're infected. The ASI's download the malware, and the malware then does its stuff in the background while you're playing GTA 5. The ASI itself is not a virus, it just downloads the virus. Once that ASI is ran, it downloads the virus. So basically, if you ever played GTA 5 while you have the angry planes mod active, you are probably infected with malware

 

I see no wonder I got a random notication from AVG of a trojan or malware when I was playing GTA 5, I guess it was the angry planes mod well thank god for AVG.

​

NONE of the antivirus sofware currently detects the attack used by the two mods. The code that downloads fade.exe, the malicious file, and executes it is only accessible when scripthook runs the code. None of them are capable of reaching that code when trying to analyse the file. The only point they can detect it is when fade is being downloaded or executed. Even then, fade.exe appears to be detected by only 40% of antiviruses.

Noclip.asi detection rate:
https://www.virustotal.com/en/file/2ce282e6153e8cbf8bca500a5f9fb86256d1160214781fd89147563562a310fd/analysis/
http://virusscan.jotti.org/en/scanresult/35bfa4cf14a189415897bc76555da42b8fba9af4
https://malwr.com/analysis/ODUyZDA0NDA4ZjA3NGExMTkwYTU5ZTM0MTBhYTAyN2U/

Fade.exe detection rate (I assume this is the fade.exe the asi distributed):
https://www.virustotal.com/en/file/96fc6e090cb28dc36c35607fd8f189d62f044d2be18f43e39c58fd1ce2aa9336/analysis/

​

You may not be entirely safe. If AVG only detected the ASI, chances are that you're infected. The ASI's download the malware, and the malware then does its stuff in the background while you're playing GTA 5. The ASI itself is not a virus, it just downloads the virus. Once that ASI is ran, it downloads the virus. So basically, if you ever played GTA 5 while you have the angry planes mod active, you are probably infected with malware

​No need to worry I followed the instructions provided in gtaforums, and checked and it seems the file is not there anymore, so I can safely say that AVG took care of them.

​No need to worry I followed the instructions provided in gtaforums, and checked and it seems the file is not there anymore, so I can safely say that AVG took care of them.

Ah, then it seems your in the clear. But remember, any keys pressed while the malware was active was logged and sent to hackers

<snip>

Edited August 2, 201510 yr by AlconH

​So you're saying that all well made mods are completely safe and we should trust them because the hackers won't put much effort into a mod? Okay then lol.

If you would properly read my posts, then you'd see that my theory doesn't apply to all mods. It's just an estimated guess. If I were a hacker, I would only put enough effort into making the mod look legitimate. Please quit being so critical, I was only trying to help the community

<snip>

Edited August 2, 201510 yr by AlconH

​I'm not being critical, just trying to understand your perspective that's all.

I have properly read your posts at they seem to contradict one another. At one point you have said that only mods that have had little effort put into them are unsafe. Then you said that the hackers will be putting effort into the mods... I just got confused that's all.

Oh, well then I apologize. I guess this is one of those situations where what I say makes perfect sense to me, but no sense to others. I do that a lot :P

All of this raises an important question, Just who do/can we trust to release Mods free of malware, and other nasty programs from this point onwards?

All of this raises an important question, Just who do/can we trust to release Mods free of malware, and other nasty programs from this point onwards?

Good question. I wonder if GTA 5 mods could step up security by scanning uploaded files automatically before they can be downloaded publicly. It would have to be a really good software to detect viruses though, but I know some programs can detect malware downloaders. Hopefully some form of security is in development

The effort put into a mod would make no real difference. Many of the mods for V are open source. Someone with malicious intent can just shove their code into an existing mod, release it on a site that has not already got it, and infect enough people to achieve their goal.

The idea of open source does not solve the problem either. They have released the code, people who can read that language can verify it, but most people are not capable of compiling it themselves, so a pre-built binary has to be provided. Nothing is to stop an author making a binary with malware but keeping the source clean. And without reproducible builds the hashes of the builds on different computers and compilers will be different, so comparing a build with the public source to the pre-built will always be different.

Asking the modders that are capable of inspecting the file is definiately not a solution. They will never get shit done.

Expecting the AV companies to be competent is not an option. The ASIs still have 0/57 detection rate, the malware it distributes still has a measly 29/57 (just re-submitted) detection rate. And I don't expect the ASI's rate to change because the code that does the dirty work, hell, the code that does the mod shit, is unreachable by emulation.

I wish you all luck running crawling GTA V in your sandboxes and virtual machines. Or just playing Russian roulette with your AV software.