Thought of bringing this to your attention, given as GTA, as we all know, is a high-profile game and all, and the potential for hackers cashing in on the hype train is, suffice it to say, big.
In case you guys don't know, .ASI files were originally used by the Miles Sound System as modules to be used by the said audio library. This has since been exploited by mod authors for loading stuff like scripts and other gameplay-altering code into Grand Theft Auto. Rockstar discontinued their support for Miles in the PC version of San Andreas, though modders still traditionally use the .ASI extension for their DLLs. The release of GTA IV saw the use of the .NET framework by modders for their libraries, which eventually carried over to V.
While you've been busy enjoying guns that fire cars, piloting flying saucers or swimming 'round a flooded Los Santos thanks to mods for the PC version of GTA V something darker's lurked beneath the surface. GTAForums user aboutseven noticed that a C# compiler was running in the background on his or her computer and traced it back to a file dubbed "Fade.exe." Upon further inspection she or he spotted that it was using internet access. Turns out it was a keylogger. Process of elimination deduced that "Noclip," which allows you to examine the insides of objects freely, and "Angry Planes," which spawns incredibly, well, angry, planes that attack you with kamikaze-like fury, were the culprits behind the malware infection.
Sites that have hosted the mods have since pulled them down, and for a detailed breakdown for how to remove the nefarious files and programs, hit the source link below. It should go without saying that if you've installed these on your computer, changing all of your passwords is incredibly important at this point. In the meantime, enjoy a video that never gets old: blue whales falling from the sky and causing chaos in Los Santos.
Source: http://www.engadget.com/2015/05/15/gtav-pc-mods-malware/
A user named ckck has also done a detailed analysis on the infected .ASI modules:
http://gtaforums.com/topic/794383-malware-inside-angry-planes-noclip-mod/?p=1067465309I assume you guys at Avast will be adding the infected .ASI files to your definitions, yes?
