We’re back in the thick of the games modding controversy this week, this time over what was meant to be a benign mod – GShade – and a potentially malicious update to it that ran amok on gamers’ computers.
If you mod at all, you’ve probably heard of GShade; it’s essentially a graphics injector tool that adds high-end post-processing features to a massive range of games from Skyrim to The Sims 4. Here in MMO land, players apply it to titles like Final Fantasy XIV, Guild Wars 2, and Phantasy Star Online 2, and it’s those MMO applications we’re concerned with here.
As chronicled on the FFXIV and GW2 subreddits, earlier this week gamers discovered that the GShade maintainer inserted GShade code that would crosscheck the user’s computer for a specific update manager and then reboot the player’s machine if said manager was being used. In other words, GShade was suddenly running malicious commands without the user’s permission: It had effectively become malware.
The GShade maintainer initially declared that his stunt was “meant to be a lesson” for a specific plugin manager developer who had apparently tried to get around a GShade password system by hotlinking the GShade installer. The GShade dev further warned that “anything could have been in the payload” that he was delivering through said plugin manager, which is… kind of ominous. But following the uproar across multiple gaming communities, he has apologized for the “undue stress,” attempting to justify his actions as a copyright defense against third parties he claims were attempting to redistribute copyrighted assets. And though he argues the insertion was a legitimate “anti-tampering function,” he has removed the malicious code.
However, the damage has likely already been done, as Reddit communities for multiple games have already put up threads warning players to uninstall the program and switch to alternatives like ReShade, and the GPOSERS community has detached from GShade. This was already the type of mod that required a high level of trust, and trust is a hard thing to get back once lost.
This guy just admitted that he implemented this specifically because of NotNite's installer software, and also claimed that if he did anything worse, that it would have been NotNite's fault for "distributing it to people and triggering it." pic.twitter.com/BBCpK850jY
— perchbird (@perchbird_) February 6, 2023