Project Zomboid developers at The Indie Stone have identified and neutralized 14 Steam Workshop mods laced with a zero-day exploit, banning the responsible account and removing the offending items from circulation.

Reports surfaced on April 7 when multiple players flagged suspicious activity from music mods branded 'True MoooZIC'—packs featuring soundtracks from games like Risk of Rain 2, NieR: Automata, and Persona 5. Investigation revealed heavily obfuscated code designed to spawn malicious files outside the game's directory, potentially compromising user systems. These mods had collectively infected between 500 and 2,200 devices, primarily on Build 42 branches.

The team acted decisively: the uploader was banned, mods yanked, and security patches rolled out—not just for the exploit but a separate vulnerability in Build 41 uncovered during an internal audit. Devs emphasize that uninstalling the mods alone won't suffice; players should conduct full system scans to root out any persistent threats. No full disclosure on the malware's endgame yet, leaving affected users to wonder what exactly slipped past Steam's gates.

Community forums and Reddit threads light up with concern, as players who relied on these popular OST packs now scramble for antivirus sweeps and mod purges. True MoooZIC itself appears uninvolved—the exploit piggybacked on its framework without leveraging it—but the incident underscores the Workshop's vulnerability to bad actors hiding in plain sight. For now, the outbreak is contained, but it serves as a pointed reminder that even sandboxed mods can bite back.