Skyrim Nexus Reportedly Compromised By Malware Hack

Members of the community reddit report that the Skyrim Nexus has injected malware onto their computers.

by on 21st Mar, 2013

Skyrim Nexus

The Skyrim Nexus existed long before the Steam Workshop offered modding support for Skyrim, and it's the site everyone goes to download mods for the game, which includes everything from simple alterations like weapons and armor to total conversions that change the game in its entirety. Needless to say, it's a website fans of the game have come to trust implicitly.

A report by members of the Skyrim community on reddit indicate the security of the Skyrim Nexus may have been compromised today.

The reports suggest that the Nexus Mod Manager (NMM) that visitors of the website use to download and manage their mods has been infected with some sort of virus that causes it to download software other than the mods you select.

The creator of the post Whiskeyjoel writes: "I was I'm there earlier downloading some mods, using their installer program. Program kept crapping out, seemed like server problems on their end. Tried downloading a mod manually instead, something downloaded to my comp, but it sure as shit was not what I wanted, because next thing I know, I get a popup message saying my computer has been locked by ICSPA for downloading kiddie porn or some such garbage, and to pay $150 to unlock my computer or else. This is a known malware scam that can be very tricky to get rid of, as I am discovering."

He adds that a file called "skyrim_nexus.exe" will infect your system should you open it.

The virus he speaks of is known as the FBI Moneypak Virus—a form of "ransomware". If you should find yourself infected by it, you can remove it with the aid of Malwarebytes. Further information about the virus can be found on Botcrawl.

Other redditors report that the Nexus Mod Manager isn't the only infected file on the site, and that various mirrors that the site uses to host its mods may also be compromised by the hack job. Should this be the case, I'd recommend staying away from any of the Nexus websites—at least for the time being. The network also includes the Dragon Age Nexus and Dark Souls Nexus, all of which use the same servers to host their files.

Stories from around the web