February - last edited July
NOTE: This early 2024 episode is no longer current, but this thread is left here for reference.
Beginning as early as mid-January 2024, we began seeing Sims 4 script mods with malicious executable .exe code hidden in them.
The mods masqueraded as being from existing creators or from a brand-new creator with a name similar to an existing one. In one known case, it appears that a creator’s account was hacked to update the creator’s own mod page. These mods also presented themselves as being previously existing mods. (Mac users: Because this is .exe code, it won’t affect you, but may produce LEs.)
Mods known to have been compromised
If you have these mods, remove them:
NOTE: There may well be other compromised script mods out there. As they are found, they will be added to this list.
UPDATE: No other were found as of July 2024
How to check your system
To see if your system has been affected by the malicious code:
%AppData%\Microsoft\Internet Explorer\UserData
If you are affected
If you had one of these files, assume that any sensitive data on your PC may be compromised and take the steps below:
More things to know
NEW: Other Malware in "Mods"
[April 7, 2024] Malware via a mod that is downloaded as only a text file with a link.
Known cases:
Do NOT follow the links in the text files. Do NOT download other files or follow links from this user. No legitimate mod download will EVER consist of only a text file (a file ending in .txt).
If you downloaded either of these, delete them NOW and run a virus scan. NOTE: This malware does NOT require that you run the game for it to install itself, and is not what ModGuard is designed to detect and stop.
[updated July 23, 2024]
February - last edited February
NOTE: Updated February 8 to add recovery steps re. Discord and cryptocurrency wallets.
Further important updates will have added notes here so people subscribing to this post are messaged about them.
February - last edited March
February 9 updates
New Compromised Files
The Sims Resource, which will now be implementing new test measures, has checked all ts4script files uploaded in 2024 and identified three more compromised mods from hacked accounts:
Also identified:
New Important Notes
New Tool
This tool goes in your Mods folder and will do the following:
TwistedMexi’s team can then inform others, and we can get the word out to everyone.
NOTE: Every tool like this has workarounds that a bad actor will find. This tool is NOT a replacement for using caution and skepticism when you download mods. It also does NOT provide broader protection; it is specific to Sims 4 mods.
[updated Feb. 28 for ModGuard v1.5]
February - last edited February
Feb. 10
UPDATED
Other Notes
MSQSims reports on her social media that Mood Cheat Menu and Motherlode Cheat Menu were taken down as extra precautions by The Sims Resource, not because they were compromised like the other two Cheat Menus (the ones she had cleared for patch 1.1040).
IMPORTANT: I am NOT yet clearing these for the purpose of the compromised-mod list on p. 1.
February - last edited February
Feb. 11
UPDATED
February
Feb. 12
Updated
February
Feb. 12
Updated
February
Feb. 28
Updated
April - last edited April
Apr. 7: NEW THREAT
NEW: Malware via a mod that is downloaded as only a text file that contains a link.
Known cases:
Do NOT follow the links in the text files. Do NOT download other files or follow links from this user. No legitimate mod download will EVER consist of only a text file (a file ending in .txt).
If you downloaded either of these, delete them NOW and run a virus scan. NOTE: This malware does NOT require that you run the game for it to install itself, and is not what ModGuard is designed to detect and stop.
July
July 24: Updated the main post to reflect that this isn't a current issue but could still be useful info later.
Try these steps first to clear up any problems you may have when connecting to an EA game.
Troubleshoot and test your connectionReset, update, or link your account information.
View More on EA Help