The breach was caught after multiple players flagged a suspicious mod yesterday. The Indie Stone investigated, confirmed the reports, then discovered the same user had quietly uploaded 13 additional compromised mods under the same exploit. Combined, the mods had been downloaded and run on somewhere between 500 and 2,200 devices before they were taken down.

Which Mods Are Affected?

All 14 mods belonged to a music replacement series called “True MoooZIC,” adding soundtracks from popular games and media to Project Zomboid. The full list includes Risk of Rain 1 & 2, Nier: Automata, Katana ZERO, Persona 5, Jujutsu Kaisen, Hotline Miami 1 & 2, Silent Hill, Cowboy Bebop, Metal Gear Rising: Revengeance, Classic Roblox, Deltarune Ch3+4, and Minecraft Alpha+Beta.

If any of those names ring a bell from your mod list, treat your system as compromised.

The Critical Detail: Uninstalling Is Not Enough

This is the part that matters most. The Indie Stone has explicitly stated: “Simply uninstalling the mods is not sufficient.” The malicious files were written outside the Project Zomboid directory — meaning they persist after the mods are removed. Players who downloaded any of the affected mods are strongly advised to take comprehensive security measures: run full antivirus/malware scans, consider credential resets for anything sensitive accessed on the infected machine, and investigate what exactly was written to their systems.

The exploit only affected Build 42 branches (the current unstable testing release). Players still on the stable Build 41 branch were not vulnerable.

The Indie Stone says the malicious user has been banned and all affected mods removed from the Workshop. An investigation into what the files were actually doing is ongoing. We’ll update this post as more information becomes available.

Bottom line: Check your mod list. Run a scan. Don’t assume the uninstall button saved you.

The post Project Zomboid Mods Were Hiding Malware — 14 Music Packs Banned After Installing Malicious Files on Up to 2,200 PCs appeared first on Bizznerd.