GTA San Andreas Mods Used To Spread DDoS Botnet
Usually, when talking about mods for Grand Theft Auto games, we're highlighting a particularly noteworthy creation, speaking about how their use in GTA Online is going to get you banned, or reporting that a patch broke them again (none of this in recent times, thankfully). Today, however, it seems a darker side of GTA mods and multiplayer servers for the old games has reared its head.
Players who only play GTA 5 and haven't delved into the older titles, or play on console, shouldn't be affected. However, if you enjoy perusing and downloading GTA San Andreas mods, or like playing on custom multiplayer servers for that very game, you should be wary, as botnet exploits have wormed their way into certain mods and clients with the intent of using the San Andreas community to spread.
A site which hosts both GTA San Andreas mods and multiplayer servers, alongside paid hacking attacks such as pay-per-attack DDoS services, wove the two businesses together without disclosure. A notorious botnet exploit known as Satori then spread to the systems of those who used mods from the site, as well as those who played on the site's multiplayer servers. Upon infecting a victim, the exploits automatically scan for any other potential victims accessible from the newly infected device: other players playing on the server first of all, but once a device is infected, basically any connection can be exploited.
So what does this exploit actually do? You may not notice any direct consequences. It's not your usual kind of virus which messes with the function of your system, logs keys, steals or locks data, tracks use and so on. The botnet exploit basically co-opts your machine for the DDoS attacks the site is offering. For a low price, buyers can have websites overloaded with a flood of fake traffic coming from systems affected by the botnet.
An internet security research firm looked into this iteration of the mentioned Satori variant, called JenX in this particular case, and filed an abuse notification. However, the service still runs. The website itself isn't particularly functional, but reads "We are back". Business is conducted off-site. The whole botnet exploit is decentralized, and as it spreads from target to target, shutting it down is difficult.
So what can you do about this? It's pretty simple — don't use or download any GTA San Andreas content affiliated with a site known as San Calvicie, which is hosting the mods, servers and the exploits as well. Stay safe!