Endlessly popular zombie survival game Project Zomboid has a metric tonne of mods available on Valve’s Steam Workshop, and there’s always more coming. Unfortunately, some have used Steam’s mod-friendly Workshop system to exploit players of the survival game with a number of virus-filled mods making their way onto the platform.

Over the last few days, players of Project Zomboid started to report a mod that was “allegedly generating malicious code when run”, developer The Indie Stone announced. According to the developer, the number of affected players sits between 500 and 2200 devices which were generating “malicious files outside of the Project Zomboid directory”.

The Indie Stone confirms that they have taken the appropriate actions to ban the offending mods from the Project Zomboid Steam Workshop group. A total of 14 mods were taken down which where user-made addons for the popular soundtrack-adding mod True Music, hence their quick download by fans. You can find a a list of the offending mods right here:

• Risk of Rain 2 OST (True MoooZIC) – Workshop ID: 3681934105 Mod ID: RiskOfRain2Music
• Risk of Rain 1 OST (True MoooZIC) – Workshop ID: 3681810963 Mod ID: RiskOfRain1Music
• NieR: Automata OST (True MoooZIC) – Workshop ID: 3681765529 Mod ID: NierAutomataMusic
• Katana ZERO OST (True MoooZIC) – Workshop ID: 3681764942 Mod ID: KatanaZeroMusic
• Persona 5 OST (True MoooZIC) – Workshop ID: 3681756112 Mod ID: Persona5Music
• Jujutsu Kaisen S1 OST (True MoooZIC) – Workshop ID: 3681755051 Mod ID: JujutsuKaisenMusic
• Hotline Miami 2: Wrong Number OST (True MoooZIC) – Workshop ID: 3681719339 Mod ID: HotlineMiami2Music
• Hotline Miami OST (True MoooZIC) – Workshop ID: 3681718339 Mod ID: HotlineMiami1Music
• Silent Hill OST (True MoooZIC) – Workshop ID: 3681477980 Mod ID: SilentHillMusic
• Cowboy Bebop OST (True MoooZIC) – Workshop ID: 3681476976 Mod ID: CowboyBebopMusic
• Metal Gear Rising: Revengeance Vocal Tracks (True MoooZIC) – Workshop ID: 3681339955 Mod ID: MGRRevengeanceMusic
• Classic Roblox Music (True MoooZIC) – Workshop ID: 3681335952 Mod ID: RobloxClassicMusic
• DELTARUNE Ch3+4 Music (True MoooZIC) – Workshop ID: 3681334251 Mod ID: DeltaruneCh34Music
• Minecraft Alpha+Beta OST (True MoooZIC) – Workshop ID: 3680972796 Mod ID: MinecraftClassicMusic

“Further investigation revealed that the same user had uploaded a total of 14 mods, all containing the same exploit,” the developer told fans. “The user has since been banned, and all affected mods have been removed from the Steam Workshop.”

Additionally, the malicious code would only run if fans were playing on the game’s Build 42 update branch, limiting who could be hurt by the mods. However, The Indie Stone “strongly recommend that anyone who downloaded them take appropriate security measures to ensure their system is safe”, adding that “simply installing the mods is not sufficient”.

“As with previous security fixes, we have updated the outdated unstable branch to match the unstable branch to avoid leaving a known vulnerability accessible,” the developers explained. “Going forward, outdated unstable will continue to lag one content update behind unstable.”

While Steam Workshop is a fairly safe platform for downloading mods for your favourite games compared to other platforms, it is not fool-proof. Valve’s security measures can be bypassed, as we’ve just seen, and it’s always worth taking additional caution when downloading mods, no matter where you’re downloading them from.