The creators of People Playground, a lo-fi, cartoonishly gory sandbox with over 300,000 Steam reviews, have warned players to update the game immediately and delete all of their mods after a “malicious add-on” began infecting other mods in the game’s Steam Workshop.
The “Urgent PSA” was posted to People Playground’s official Steam News Hub on February 1, with a patch for the game following hours later. All Workshop functions, mods, and access to the Workshop page for the game were immediately disabled, but not before the malware claimed its first victims.
Several users in the comments of the Steam post report that all of their People Playground’s achievements, save files, and Contraptions folders (a separate save file for custom creations) have been wiped. According to the devs, the virus in question “does not destroy your computer,” but instead aims to disable or otherwise destroy certain aspects of People Playground’s functionality.
Users who have downloaded any mods from the game’s Workshop are being urged to wipe their entire mod lists, even if they didn’t download the malicious mod in question. This is because the add-on “replaces [mods] with itself,” and has reportedly supplanted several other mods in People Playground’s workshop.
The malicious mod also somehow made its way into the top-rated section on People Playground’s workshop, which may explain how it spread to so many users in such a short space of time, considering the mod was uploaded to the Steam Workshop on January 30.
This, unfortunately, isn’t the first time that a Steam Workshop mod has infected users’ games. In February 2022, several mods for Cities: Skylines were removed from the Steam Workshop following reports that they contained keyloggers and bitcoin mining software. In December 2023, the popular Workshop mod Downfall for Slay the Spire was subject to a “security breach” that infected users’ machines with malware that attempted to steal their passwords via their web browsers.
English (US) ·