u/Camila_La_Dorada

To me, freedom is like running along the beach. It’s like running until I’m tired and bored, but knowing I can run free for as long as I want, in total peace. Like hearing the waves in the background and no one else 🏃‍♀️🏖️🌊

Today is going to be a great afternoon for sales! I’ve made a little over 500,000 so far, which isn't bad at all considering this account is barely 6 days old 😊

It’s going to be a long grind to get back everything I had on my old account, but the best part of this challenge is that I can finally play with total freedom and peace of mind 🤞☺️

Edit: I apologize if anything is unclear. I'm not a native English speaker; I know basic English, learned in regular school, not a specialized academy, and I'm very nervous about what happened.

It's possible other personal information was stolen. This is very serious, and we have to be very careful with everything online...

I'm posting this in English-speaking subreddits because the GTA subreddits are all in English, so if anyone comes across this, they'll be aware of the dangers of using mods.

I've already corrected the text. There might still be some spelling mistakes. I know basic English, and sometimes I struggle to express myself. Sorry!

I'm adding this because I'm seeing downvotes and questions.

I have no need to lie.

I want to share my bad experience. It was the first time my PC had ever been hacked. I'd never installed any unofficial game mods before, and now I'm here... explaining my experience so it can help others.

We could be being spied on remotely without even knowing it!

I downloaded a mod for GTA 5, but this mod forced me to download others from the same website.

A virus with remote access that even Avast hasn't detected. How long? I'm not sure... In two years, this is the third or maybe even fourth time I've tried to install the zombie mod for GTA story mode, which has never worked for me.

It made me replace the original game files (the first sign of a virus). I should mention that I tried to install the mod about three times, since it never worked (it was a zombie mod for story mode, not online), and the last time I wanted to try installing it again to see if it would work this time, I didn't delete it from the game folder. That was my big mistake...

I don't know how long I've been a victim of hacking, because the hacker probably remained silent until they tried to steal my accounts: Reddit, Instagram, Steam... that's when I realized the seriousness of the problem. Perhaps the "door" was cut when I deleted these mods the other times, I'm not sure... I have my doubts... but this time it was serious because it tried to steal my accounts, something it hadn't done before. As I said, maybe by deleting the mods, I also lost access to my PC.

After downloading the mod again, I noticed the following:

- Slow internet connection

- Internet interruptions

- My program settings were changing without me doing anything

- My PC fan was very noisy even when I wasn't doing anything

- My PC was getting very hot even when I wasn't doing anything; I was just using Chrome. I opened Task Manager and the CPU usage was very high, but suddenly it dropped, the fan stopped running, and the PC stopped overheating (another sign of a virus). This is to prevent us from investigating the cause and to avoid raising suspicion about the virus.

- Chrome started warning me that its own page wasn't secure and that someone was trying to steal my information. NEVER ignore this message. NEVER.

- I noticed that all my accounts, the ones I always have open on my PC (Chrome, the EA Games app, Reddit, Discord, Instagram, the Rockstar launcher), were closing on their own. NEVER ignore these sessions; it's another red flag. It means they have your passwords and are accessing your accounts!

When I logged into Discord, it always asked for authorization from my email. Once I changed my password, it stopped asking. NEVER ignore when a website or app asks for authorization; it's because they're detecting other devices besides yours. This is another red flag.

- In Windows Resource Monitor, in the Network section, you can monitor everything.

I always saw a lot of IP addresses there, most of them linked to my Chrome browser, from where they stole my login cookies. I logged into Steam recently, and that's when they were able to access my account. I hadn't logged into Steam for a while, before installing the mods.

It was through the Resource Monitor that I saw the attacker's IP address within GTA Online, which froze my game and eventually closed it. When the game closed, I checked Steam and saw a recently added game. another sign is: Games recently added to my Steam library, games I didn't add.
After everything else—losing access to Instagram, having my password changed, and everything else I describe here:

https://www.reddit.com/r/RockstarGames/comments/1sxij0m/beware_of_downloading_a_zombie_mod_its_a_virus/

I have a friend who works in security, whose name I won't mention for privacy reasons, but after all this and other things I told her—like how I've been harassed for a while by one or more people in the game, how my first Rockstar account was stolen when I wasn't even using mods, and how I later reinstalled mods, perhaps giving them full access by reinstalling them in the game folder—she told me that either I was the one who created "the door" by installing the mod, or perhaps even though I had removed the mod the other times, the virus was already on my PC, but that the mod is like "the big door," an entry point for other modders to gain access not only to my game and private lobbies, but also to my PC. It's a remote access attack (RAT) on my PC.

Now I understand what someone wrote in the game chat: "I'm looking at what you have on your PC. You have an emulator with good games, among other things."

What's the solution? My friend cleaned my PC, ran several antivirus programs... she did everything, but she couldn't remove the virus. The virus wasn't just hidden on my PC, but also on my router.

Yesterday I decided to format my PC and reinstall Windows from scratch. Strange connections kept appearing in Resource Monitor. Finally, I formatted the router and... in the network section, at the bottom, under "listening ports," everything disappeared... They were ports using IPv4 and something else I don't remember.

After this bad experience and the huge scare I got, I deleted the game. The game isn't safe.

If you look for official news from Rockstar, you'll see that a few years ago they warned all players not to play in public sessions because they were carrying out this type of attack. Apparently, it still exists. Perhaps the entry point is through mods. Be VERY careful when downloading unofficial content!

Edit: Maybe deleting it from the game folder doesn't remove the virus. Maybe it's always been on my PC... I suspect this because of things I read in the game chat in public lobbies, regarding my personal files on my PC.

Thank you for reading!

Edit: I apologize if anything isn't clear. I'm not English and I'm very nervous about what happened.

It's possible they stole other personal information. This is very serious and we have to be very careful with everything on the internet.

As the title says, a friend and I decided to download a zombie mod for offline play. It wasn't for story mode; we wanted to try it in Director mode.

After downloading the mod, all the applications we had open in the background (Chrome, Steam, etc.) were hacked. Someone tried to steal our Steam and GTA accounts, and in Chrome, they stole our Reddit passwords (through cookies). They accessed Reddit, and my Instagram account keeps saying my password or email is incorrect.

I had to uninstall the game, scan my PC with two different antivirus programs, change all my passwords, and enable 2F security on all my accounts. Whoever it was managed to disable the firewall rules and even accessed Director mode.

It's a script and trainer mod that made us replace original GTA files.

After all this, an IP address from a web server started bothering us in the GTA lobby. I was alone online, changing my character's outfit for Director Mode. The game froze and crashed. I was able to get the IP address that was flooding my GTA with over 49,000 packets, and this same IP address was "hooked" on Chrome, stealing my passwords.

I realized when I logged into Reddit that my session had been closed. After logging back into Reddit, it closed again a few minutes later. I added 2F and it stopped happening. Then, on Steam, I received an email trying to remove my security... a nightmare.

Be very careful when downloading this or any other mods!

Edit:

I've recovered my Instagram account. They changed my password... Both here and on my other social media accounts and Steam, they accessed it without leaving any trace of login activity.

I took my PC to a friend who knows a lot about computers, especially security, and she told me that it might not be the mod itself, but rather that the mod is a "backdoor" allowing any modder with a mod menu to remotely access my system through the GTA executable. That's when the password theft and access to my social media accounts started... it didn't happen before.

My friend cleaned my PC. I think I'm free of viruses or whatever it was.

I downloaded the mod, Simple Zombies [.NET] 1.0.2d, from this website: https://es.gta5-mods.com/

For years I've been dealing with harassment from one or more players using modmenu, but by blocking UDP ports, I managed to keep them out of my private lobbies, until I reinstalled the zombies mod. I think this is the third time I've installed it, and they're invading my private lobbies again. But as far as I know, they never stole my passwords or accessed Steam or any of my other accounts before, maybe because I always deleted the mod from the folder and "closed the door."

They added a game to my Steam library, which is how I realized they accessed Steam, but without leaving any trace in the login history... this is where the modmenu issue with remote access comes in. To the RAM? To my PC?

My friend wouldn't tell me anything, whether it was full remote access to my PC, or just access through RAM (modmenu can see all programs running in the background), but she told me NEVER to install mods again.

I think I've tried using the mod about three times, but it's never worked for me in story mode. I always thought I was installing it incorrectly. The first few times, I deleted all traces of the mod from my folder, even the files it made me replace. Then, when Steam verifies the integrity of the files, if any are missing, it downloads them again. I didn't do that this time; I left the mod in my GTA folder, and well, here's my post...

A few months ago, Windows Update installed the latest version of Windows. I didn't like it, and I couldn't revert to the previous version, so I had no choice but to reinstall Windows from scratch, including the GTA installation. That's why I stopped noticing the intrusion into my private lobbies... I reinstalled the mod, and well, everything I described in my post happened. All because I didn't delete it from my GTA folder this time...

My friend told me that Trainer might have been the culprit. I don't understand anything about computers or security, but if this person was able to access Steam without leaving a trace in the login, it had to be remotely on my PC.

Years ago, Rockstar warned everyone to stop playing in public lobbies because there was a remote access (RPC) vulnerability with ModMenus. Apparently, it still exists.

My boyfriend uses ModMenus on his account. He let me use his account and experiment with ModMenus. Look what I discovered, all the things you can do with ModMenus, which made me decide to stop playing in public lobbies. For our PCs, GTA has zero security.

I don't use ModMenus on my account for fear of being banned, but even without ModMenus, I can see other players' IP addresses with a program. This is because the game is P2P, and it's impossible not to see them. That's why I know when I'm not alone in my private lobbies. Although my boyfriend also caught several hidden players on my list using his account and modmenu, joining me while still hidden.

Now I can tell, without using modmenu, if I'm playing alone or not, and I saw an IP address that sent me almost 50,000 packets while I only received 200, which is why it froze and closed my game. This is how modders freeze or close the game, by overloading gta5.exe with an excessive number of packets.

If, through a game, they're able to steal cookies containing passwords, take control of my browser (my browser was behaving strangely, with security warnings), bypass login tokens (which is why they don't leave a trace of logins), see my PC name, hardware...etc. (YES, THEY CAN DO THIS WITH MODMENU), see my email, Rockstar password, my Rockstar account ID (unique numbers), and link me to their ModMenu for life to harass me even in private... I will never buy another game from this company. Zero security.

I've seen many things that can be done with ModMenu, but I never saw this option. At least, I didn't see it because I wasn't looking for it.

Some of the things I'm describing with technical terms were explained to me by my friend.

I don't want to convince anyone not to use mods, I just shared my bad experience!
My friend had a similar experience, except he has 2F with everything. I forgot to add him on Reddit and Instagram...