March 1, afternoon CURRENT INCIDENT: Malicious ts4script files in multiple compromised accounts on Mod the Sims, March 1, 2026. Posts with full details: March 1, morning March 1, afternoon Multiple Mod the Sims accounts compromised. Malicious ts4script files have been uploaded to multiple mods, including to mods/CC that should not have one. Delete immediately and run a full-system malware and virus check. ***************************************************************************************** January 2024 Incident Beginning as early as mid-January 2024, we began seeing Sims 4 script mods with malicious executable .exe code hidden in them. The mods masqueraded as being from existing creators or from a brand-new creator with a name similar to an existing one. In one known case, it appears that a creator’s account was hacked to update the creator’s own mod page. These mods also presented themselves as being previously existing mods. (Mac users: Because this is .exe code, it won’t affect you, but may produce LEs.) Mods known to have been compromised "PimpMySims4" (impersonated) – Cult Mod – was on Mod the Sims; now removed MySims4 – "Social Events - Unlimited Time" – was on Curseforge; now removed MSQSims (hacked) – on The Sims Resource, Feb. 5-8; all removed Mood Cheat Menu Motherlode Menu Seasons Cheat Menu Weather Forecast Cheat Menu PlayersWonderland (hacked) – Mouth Preset N16 ts4script file – on The Sims Resource, now removed V1 of an adult mod, with a January file date – on LoversLab How to check your system for the January 2024 malware To see if your system has been affected by the malicious code: select Windows-R In the window that opens, type this: %AppData%\Microsoft\Internet Explorer\UserData In the folder that opens, look for files called Updater.exe and/or Main.exe. If you are affected If you had one of these files, assume that any sensitive data on your PC may be compromised and take the steps below: Clear your system for this specific virus. (See below.) This must be done FIRST. If you have the Discord app or a cryptocurrency wallet app, uninstall them. This is important if not obvious: Starting these can trigger an attempt to reinstall this malware. Change your passwords. Add two-factor authentication where available. If you had saved credit card or similar information to a web browser, remove it and find out from your financial institution (or other relevant site) what action to take next. Reinstall Discord and cryptocurrency wallet apps from fresh downloads. Learn more about keeping your data secure in the future: https://answers.ea.com/t5/EA-Services-General-Questions/Answers-HQ-Online-Security-Newsletter-January/m-p/13449052/thread-id/447422 To clear your system: Download this fix created by Maxis mod-host partner Curseforge: SimsVirusCleaner Double-click the SimsVirusCleaner.exe file in your Downloads folder tor run it. This is a good time to run a general virus/malware scan on your computer. More things to know Curseforge and The Sims Resource updated their file screening for this method of malware inclusion. Type of mods affected: The least likely mods to be affected were mods that are only .package files and mods uploaded by mod creators on Patreon or their own sites. Most Sims 4 mods are not script mods and aren’t doing anything requiring a ts4script file. Downloaded folders: Assume that any folder containing a collection of mods might include a compromised mod containing code that can steal your passwords, your banking info, and much more. Do NOT download and install these collections. If you have done so at any time since mid-January, check your system. New prevention/detection Sims 4 tool: TwistedMexi released a tool called ModGuard. April 2024 Incident [April 7, 2024] Malware via a mod that downloaded as only a text file with a link. Known cases: "S4 CAS Tools" on Nexus from user fubruss (the real mod is on Mod the Sims, from the late CmarNYC, dated 18 March 2023) “Loading Screen Randomizer” on Nexus from user fubruss (the real mod is on Mod the Sims, from Tesuto , dated 9 January 2024) Do NOT follow the links in text files. Do NOT download other files or follow links from this user. No legitimate mod download will EVER consist of only a text file (a file ending in .txt). If you downloaded either of these, delete them and run a virus scan. NOTE: This type malware does NOT require that you run the game for it to install itself, and is not what ModGuard is designed to detect and stop. November 2024 Incident On November 5, 2024, on Mod the Sims, someone uploaded malicious versions of at least four mods. Unlike the earlier incident, no new accounts were involved, and one of the accounts breached was TwistedMexi's. No other compromised mods were found. It is not yet known what the effect of any malware included or called up was, so assume it's very bad. What to do If you downloaded any mods with .ts4script files from Mod the Sims on November 5, delete the mod and run a virus scan. If you don't already have it, download TwistedMexi's tool ModGuard. It will not protect against all possible script-file exploits, but it will help. Note that your other system protections cannot see what's in a .ts4script file. April 13, 2025 incident Some SimFileShare CC compromised Do not download mods from SimAndy or TheNinthWaveSim or Pixelunivairse mods/CC from SimFileShare. The accounts are compromised. Files present include an executable (.exe) file presumed to be malicious. If you downloaded files from these creators after about April 11, delete them and run a virus scan The owner of SFS has removed all known compromised files, and SFS is permitting file uploads again. Please remain cautious about what you download, especially files that were updated in early April 2025. March 1, 2026 incident Multiple Mod the Sims accounts compromised. Ts4script files uploaded, including to mods/CC that should not have one. Files contents clearly malicious. If you downloaded any ts4script files from Mod the Sims beginning March 1, 2026, delete immediately and run a full-system malware and virus check. Among those compromised, NateTheLoser regained his account and reuploaded the original pre-2026 versions. Current Impact of Incidents on Mod Update News Updates of mods/CC hosted only on Mod the Sims are delayed. - updated March 1, 2026

NOTE: Updated February 8 to add recovery steps re. Discord and cryptocurrency wallets. Further important updates will have added notes here so people subscribing to this post are messaged about them.

February 9 updates New Compromised Files The Sims Resource, which will now be implementing new test measures, has checked all ts4script files uploaded in 2024 and identified three more compromised mods from hacked accounts: MSQSims – Mood Cheat Menu – downloaded Feb. 5-8 MSQSims – Motherlode Menu – downloaded Feb. 5-8 PlayersWonderland – Mouth Preset N16 – ts4script file Also identified: V1 of an adult mod, with a January file date – uploaded at LoversLab New Important Notes ts4script files: Most Sims 4 mods are not script mods and aren’t doing anything requiring a ts4script file. Those are needed by mods that affect gameplay. If you’re downloading CC, look for ts4script files. Do not put them in your Mods folder. Report the CC that included it. downloaded folders: Assume that any folder containing a collection of mods might include a compromised mod containing code that can steal your passwords, your banking info, and much more. Do NOT download and install these collections. If you have done so at any time since mid-January, check your system. New Tool TwistedMexi – ModGuard: Mod Malware Protection – download sources: Patreon (now), Curseforge (soon); NOTE: This tool has specific installation instructions. Follow them. CURRENT VERSION: 1.5 - ts4script file date: 28 Feb. 2024, on Patreon, linked from TwistedMexi's website; not yet updated on Curseforge This tool goes in your Mods folder and will do the following: Detect and block common virus vectors Find the mod doing it Notify you of the compromised mod Notify TwistedMexi’s team of the compromised mod TwistedMexi’s team can then inform others, and we can get the word out to everyone. NOTE: Every tool like this has workarounds that a bad actor will find. This tool is NOT a replacement for using caution and skepticism when you download mods. It also does NOT provide broader protection; it is specific to Sims 4 mods. [updated Feb. 28 for ModGuard v1.5]

Feb. 10 UPDATED TwistedMexi – ModGuard – critical update 1.1, Patreon, ts4script file dated 10 Feb. 2024 – additional virus vectors and other improvements – reminder: follow the installation instructions QUICK UPDATE TO THAT: 1.1 is crashing on Macs, but it's less urgent for you. Other Notes MSQSims reports on her social media that Mood Cheat Menu and Motherlode Cheat Menu were taken down as extra precautions by The Sims Resource, not because they were compromised like the other two Cheat Menus (the ones she had cleared for patch 1.1040). IMPORTANT: I am NOT yet clearing these for the purpose of the compromised-mod list on p. 1.

Feb. 12 Updated TwistedMexi – ModGuard – v1.4, Patreon (not yet available on Curseforge), ts4script file dated 12 Feb. 2024 – for fewer false positives

IMPORTANT Do NOT download from MOD THE SIMS until further notice More info to come.

Forum Discussion

luthienrising

Hero+

2 years ago

Malicious Script Mods and Other Malware

March 1, afternoon

CURRENT INCIDENT: Malicious ts4script files in multiple compromised accounts on Mod the Sims, March 1, 2026.

Posts with full details:

Multiple Mod the Sims accounts compromised. Malicious ts4script files have been uploaded to multiple mods, including to mods/CC that should not have one. Delete immediately and run a full-system malware and virus check.

*****************************************************************************************

January 2024 Incident

Beginning as early as mid-January 2024, we began seeing Sims 4 script mods with malicious executable .exe code hidden in them.

The mods masqueraded as being from existing creators or from a brand-new creator with a name similar to an existing one. In one known case, it appears that a creator’s account was hacked to update the creator’s own mod page. These mods also presented themselves as being previously existing mods. (Mac users: Because this is .exe code, it won’t affect you, but may produce LEs.)

Mods known to have been compromised

"PimpMySims4" (impersonated) – Cult Mod – was on Mod the Sims; now removed
MySims4 – "Social Events - Unlimited Time" – was on Curseforge; now removed
MSQSims (hacked) – on The Sims Resource, Feb. 5-8; all removed
- Mood Cheat Menu
- Motherlode Menu
- Seasons Cheat Menu
- Weather Forecast Cheat Menu
PlayersWonderland (hacked) – Mouth Preset N16 ts4script file – on The Sims Resource, now removed
V1 of an adult mod, with a January file date – on LoversLab

How to check your system for the January 2024 malware

To see if your system has been affected by the malicious code:

select Windows-R
In the window that opens, type this:

%AppData%\Microsoft\Internet Explorer\UserData

In the folder that opens, look for files called Updater.exe and/or Main.exe.

If you are affected

If you had one of these files, assume that any sensitive data on your PC may be compromised and take the steps below:

Clear your system for this specific virus. (See below.) This must be done FIRST.
If you have the Discord app or a cryptocurrency wallet app, uninstall them. This is important if not obvious: Starting these can trigger an attempt to reinstall this malware.
Change your passwords.
Add two-factor authentication where available.
If you had saved credit card or similar information to a web browser, remove it and find out from your financial institution (or other relevant site) what action to take next.
Reinstall Discord and cryptocurrency wallet apps from fresh downloads.
Learn more about keeping your data secure in the future: https://answers.ea.com/t5/EA-Services-General-Questions/Answers-HQ-Online-Security-Newsletter-January/m-p/13449052/thread-id/447422

To clear your system:

Download this fix created by Maxis mod-host partner Curseforge: SimsVirusCleaner
Double-click the SimsVirusCleaner.exe file in your Downloads folder tor run it.
This is a good time to run a general virus/malware scan on your computer.

More things to know

Curseforge and The Sims Resource updated their file screening for this method of malware inclusion.
Type of mods affected: The least likely mods to be affected were mods that are only .package files and mods uploaded by mod creators on Patreon or their own sites. Most Sims 4 mods are not script mods and aren’t doing anything requiring a ts4script file.
Downloaded folders: Assume that any folder containing a collection of mods might include a compromised mod containing code that can steal your passwords, your banking info, and much more. Do NOT download and install these collections. If you have done so at any time since mid-January, check your system.
New prevention/detection Sims 4 tool: TwistedMexi released a tool called ModGuard.

April 2024 Incident

[April 7, 2024] Malware via a mod that downloaded as only a text file with a link.

Known cases:

"S4 CAS Tools" on Nexus from user fubruss (the real mod is on Mod the Sims, from the late CmarNYC, dated 18 March 2023)
“Loading Screen Randomizer” on Nexus from user fubruss (the real mod is on Mod the Sims, from Tesuto , dated 9 January 2024)

Do NOT follow the links in text files. Do NOT download other files or follow links from this user. No legitimate mod download will EVER consist of only a text file (a file ending in .txt).

If you downloaded either of these, delete them and run a virus scan. NOTE: This type malware does NOT require that you run the game for it to install itself, and is not what ModGuard is designed to detect and stop.

November 2024 Incident

On November 5, 2024, on Mod the Sims, someone uploaded malicious versions of at least four mods. Unlike the earlier incident, no new accounts were involved, and one of the accounts breached was TwistedMexi's. No other compromised mods were found. It is not yet known what the effect of any malware included or called up was, so assume it's very bad.

What to do

If you downloaded any mods with .ts4script files from Mod the Sims on November 5, delete the mod and run a virus scan.
If you don't already have it, download TwistedMexi's tool ModGuard. It will not protect against all possible script-file exploits, but it will help. Note that your other system protections cannot see what's in a .ts4script file.

April 13, 2025 incident

Some SimFileShare CC compromised

Do not download mods from SimAndy or TheNinthWaveSim or Pixelunivairse mods/CC from SimFileShare. The accounts are compromised. Files present include an executable (.exe) file presumed to be malicious. If you downloaded files from these creators after about April 11, delete them and run a virus scan

The owner of SFS has removed all known compromised files, and SFS is permitting file uploads again. Please remain cautious about what you download, especially files that were updated in early April 2025.

March 1, 2026 incident

Multiple Mod the Sims accounts compromised. Ts4script files uploaded, including to mods/CC that should not have one. Files contents clearly malicious.

If you downloaded any ts4script files from Mod the Sims beginning March 1, 2026, delete immediately and run a full-system malware and virus check.

Among those compromised, NateTheLoser regained his account and reuploaded the original pre-2026 versions.

Current Impact of Incidents on Mod Update News

Updates of mods/CC hosted only on Mod the Sims are delayed.

- updated March 1, 2026

advice

custom content (cc)

mods

18 Replies

Replies have been turned off for this discussion

luthienrising
Hero+
1 year ago
Apr. 7: NEW THREAT

NEW: Malware via a mod that is downloaded as only a text file that contains a link.

Known cases:

"S4 CAS Tools" on Nexus from user fubruss (the real mod is on Mod the Sims, from the late CmarNYC, dated 18 March 2023)

“Loading Screen Randomizer” on Nexus from user fubruss (the real mod is on Mod the Sims, from Tesuto , dated 9 January 2024)

Do NOT follow the links in the text files. Do NOT download other files or follow links from this user. No legitimate mod download will EVER consist of only a text file (a file ending in .txt).

If you downloaded either of these, delete them NOW and run a virus scan. NOTE: This malware does NOT require that you run the game for it to install itself, and is not what ModGuard is designed to detect and stop.
luthienrising
Hero+
2 years ago
Feb. 28

Updated

TwistedMexi – ModGuard – v1.5, Patreon (not yet available on Curseforge), ts4script file dated 28 Feb. 2024 – for better patch compatibility
luthienrising
Hero+
2 years ago
Feb. 12

Updated

TwistedMexi – ModGuard – v1.4, Patreon (not yet available on Curseforge), ts4script file dated 12 Feb. 2024 – for fewer false positives
luthienrising
Hero+
2 years ago
Feb. 12

Updated

TwistedMexi – ModGuard – v1.3, Patreon (not yet available on Curseforge), ts4script file dated 12 Feb. 2024 – "inconclusive" fixed
luthienrising
Hero+
2 years ago
Feb. 11

UPDATED

TwistedMexi – ModGuard – v1.2, Patreon (not yet available on Curseforge), ts4script file dated 11 Feb. 2024 – Mac compatibility, additional virus vectors and other improvements – reminder: follow the installation instructions

ADDED NOTE:With 1.2, an "inconclusive" report is a false positive and not an indication of a compromised file
luthienrising
Hero+
2 years ago
Feb. 10

UPDATED

TwistedMexi – ModGuard – critical update 1.1, Patreon, ts4script file dated 10 Feb. 2024 – additional virus vectors and other improvements – reminder: follow the installation instructions

QUICK UPDATE TO THAT: 1.1 is crashing on Macs, but it's less urgent for you.

Other Notes

MSQSims reports on her social media that Mood Cheat Menu and Motherlode Cheat Menu were taken down as extra precautions by The Sims Resource, not because they were compromised like the other two Cheat Menus (the ones she had cleared for patch 1.1040).

IMPORTANT: I am NOT yet clearing these for the purpose of the compromised-mod list on p. 1.
luthienrising
Hero+
2 years ago
February 9 updates

New Compromised Files

The Sims Resource, which will now be implementing new test measures, has checked all ts4script files uploaded in 2024 and identified three more compromised mods from hacked accounts:

MSQSims – Mood Cheat Menu – downloaded Feb. 5-8

MSQSims – Motherlode Menu – downloaded Feb. 5-8

PlayersWonderland – Mouth Preset N16 – ts4script file

Also identified:

V1 of an adult mod, with a January file date – uploaded at LoversLab

New Important Notes

ts4script files: Most Sims 4 mods are not script mods and aren’t doing anything requiring a ts4script file. Those are needed by mods that affect gameplay. If you’re downloading CC, look for ts4script files. Do not put them in your Mods folder. Report the CC that included it.

downloaded folders: Assume that any folder containing a collection of mods might include a compromised mod containing code that can steal your passwords, your banking info, and much more. Do NOT download and install these collections. If you have done so at any time since mid-January, check your system.

New Tool

TwistedMexi – ModGuard: Mod Malware Protection – download sources: Patreon (now), Curseforge (soon); NOTE: This tool has specific installation instructions. Follow them.

CURRENT VERSION: 1.5 - ts4script file date: 28 Feb. 2024, on Patreon, linked from TwistedMexi's website; not yet updated on Curseforge

This tool goes in your Mods folder and will do the following:

Detect and block common virus vectors

Find the mod doing it

Notify you of the compromised mod

Notify TwistedMexi’s team of the compromised mod

TwistedMexi’s team can then inform others, and we can get the word out to everyone.

NOTE: Every tool like this has workarounds that a bad actor will find. This tool is NOT a replacement for using caution and skepticism when you download mods. It also does NOT provide broader protection; it is specific to Sims 4 mods.

[updated Feb. 28 for ModGuard v1.5]
luthienrising
Hero+
2 years ago
NOTE: Updated February 8 to add recovery steps re. Discord and cryptocurrency wallets.

Further important updates will have added notes here so people subscribing to this post are messaged about them.

Featured Places

The Sims 4 Mods & Custom Content

Find tips, tutorials and troubleshooting for mods and custom content, and The Sims 4 patch files here.Latest Activity: 3 hours ago

16,662 Posts

Forum Discussion

Malicious Script Mods and Other Malware

CURRENT INCIDENT: Malicious ts4script files in multiple compromised accounts on Mod the Sims, March 1, 2026.

April 13, 2025 incident

March 1, 2026 incident

18 Replies

Featured Places

The Sims 4 Mods & Custom Content

Recent Discussions

Young Ghosts Return Thread 2.0

Malicious Script Mods and Other Malware

Mermaid scales and tails not showing up while swimming!!

Broken and Updated Sims 4 Mods and CC: patch 1.121, Feb. 3, 12 & 19, 2026

Mod help