Installing after-market modifications to enhance titles like GTA 5 seems like fun and games, and it is. That is until something goes wrong or someone breaches the trust of users by releasing a mod that isn’t all it is made out to be. GTA 5 for PC mods are becoming increasingly popular as a way of enhancing or bringing a little bit of additional madness to the already exhilarating game but it has recently been discovered that a number of popular mods for Rockstar’s latest action-adventure game contain malware designed to log key strokes and maliciously obtain sensitive information from the installed machine.

A modification known as “Angry Planes,” which allows an army of disgruntled planes to be called from the skies, as well as another mod entitled “NoClip,” which essentially allows the character to investigate the insides of objects without limit, have been discovered to contain malware that hosts and executes a file named Fade.exe on the installed computer. When installed, the Fade.exe program acts as a fairly comprehensive key logger designed to record and remotely store the keystroke presses on whatever machine the malware is running on. It doesn’t take a computer scientist to understand that this could have serious repercussions if sensitive data such as banking passwords or social media account credentials were transmitted to malicious third-parties.


If you are one the many individuals across the globe who enjoy modding GTA 5 on a PC, especially using the “Angry Planes” or “NoClip” mod, then you have a keen-eyed GTAForums user to thank for detecting that both of these mods contain malicious scripts that were being executed. The user in question – aboutseven – discovered that his/her machine was running a mysterious C# compiler in the background, which was ultimately investigated and found to be a necessity in the execution of the aforementioned Fade.exe program. It was also discovered that the program was regularly polling the Internet and transferring data back and forth.


The majority of reputable sites hosting the infected modifications have taken the relevant action and removed the downloads from their servers. First and foremost, anyone running the affected scripts should immediately uninstall them, and it goes without saying that passwords should be changed with great haste. This should act as a warning shot for those involved in hosting and running modifications where blind trust is involved, but it’s great to see hosting providers such as making an immediate promise to beef up its approval process to try and prevent this from happening again.

If you believe that you’re infected, here’s what you need to do:

Screen Shot 2015-05-15 at 6.23.35 PM

(Source: GTAForums)

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.

Related Stories