American Road malware, since the discussion thread seems to be down

https://lemonyte.com/blog/beamng-malware

Did the payload include a keylogger or does it just grab your passwords from your browser?

Default browser or just Edge?

And also, I forgot, when the game updates and you reenable mods for the first time, does it activate all of them immediately or just the ones you had activated before?

If you have multiple local user accounts, does it grab from all of them or just the one the game is run from?

Is there any way to check if the payload ever ran?

And most importantly, does it grab card details from Steam? Because mine got saved even though I didn't want them to because they leave that box checked by default

I did not find any of the listed compromised files with a search, including the DLL, but had already shift+deleted the mod when I searched for them

For what it's worth, I also do not appear to have any .tmp or .dll files modified this year, if you even trust the Windows search function (I miss when it was actually good)

 

90% sure the virus is fake lol

 

I really doubt it since what happened with the Disney/NullBulge attack.

 

stenyak literally said that it was real lmao just go check the thread

 

Exploits are a very real thing, the seemingly innocent banner script was doing some weird stuff, there was no need for a compiled css file just for that.

I am also partially affected by this, my luck came from the fact that I use proton which puts all games in their own little container, so the malware might still have ran, it seems that I'll have to reinstall BeamNG and the whole proton installation with it.
Poor guy is being review bombed by everyone now.

 

Nope. It's real, I managed to have infected version and made short write up on reddit (luckily I updated the game on 6th april, whereas the mod got downloaded/updated in 11th april. How do I knew that, check the file's date modified section).

 

Yeah that whole disney being hacked by a ng mod fiasko was made up by that tech youtuber eric parker that when asked didnt want to show any evidence and then kicked me from their dc when i said that its pretty bold to assume a link when the indicies point towards a much different link (the blender plugin). But that whole story helped his subscribe count so it was win for them i guess. Tho didnt help that everyone from this community kinda jumped on it and wouldnt listen to arguments

 

But at least it gaves a heads up warning about potential exploit, which is now thankfully fixed on v0.35.

 

Fur affinity did get highjacked due to a mod when dragoneer died just saying. A lot of crap happened that day and a lot of people got really disgusted that some rotten furry hating lowlife ended up being the person that caused that and started calling out someone else who had a beam ng drive mod that was corrupted and hijacked and spying on the user without them even knowing or whatever. That was a while ago but I talked to a good hand full of people that code and do software and they are suprised that such bullcrud could happen in the first place when someone passes... I hope nothing like that ever happens again
--- Post updated ---
Correction: a mod was involved in the drama but was not why dragoneer got hacked after he died. Sorry for that