

A handful of popular Cities: Skylines mods have been banned from the Steam Workshop by developers Colossal Order. One, "Network Extensions 3", violates the Steam Subscriber Agreement by "discriminating against specific Steam users" and blocking them from using it, Colossal Order say. Another mod, "Update From Github", aimed to circumvent the Steam Workshop entirely by allowing updates to mods to be installed directly from Github while "making changes to existing Workshop subscriptions without the user's knowledge." This code was apparently also included in "Harmony (Redesigned)", a framework mod that many other mods depend upon.

These mods were both created by a user who works under the name Chaos, or sometimes Holy Water. Allegations appeared a few days ago that some of this user's mods contained "malicious code." Complicating matters somewhat is a sea of rumours about what else the mods contained, and a series of counter-allegations about Colossal Order from the creator of the mods.


The security advisory published by Microsoft yesterday and labeled ADV230001 covers an issue with many drivers certified by the Windows Hardware Developer Program that "were being used maliciously in post-exploitation activity." This problem was discovered by researchers at Sophos, who notified Microsoft in early February 2023.

According to Microsoft, the subsequent investigation revealed that "several developer accounts for the Microsoft Partner Center (MPC) were engaged in submitting malicious drivers to obtain a Microsoft signature." Unsurprisingly, all these accounts were promptly suspended. In addition to them, Microsoft reveals that Trend Micro and Cisco provided their own reports on such problems, bringing the total number of unsafe drivers (including non-certified ones) to 133.

As revealed by Sophos, two types of malicious drivers have been used in various attacks lately. The first one was similar to maliciously signed drivers discovered last year and belonging to the "Endpoint protection killer" category, while the other type resembles a rootkit, being conceived to run silently as just another background task.

Other measures were taken as well, such as the implementation of blocking detections (starting with Microsoft Defender 1.391.3822.0) that provide protection from legitimately signed drivers used in post-exploit activity. These problems have not affected other devices or services except Windows PCs, so users of Azure, Xbox, or Microsoft 365 have nothing to worry about. As usual, all that home users need to do is keep their operating system updated and nothing else.
