The GShade mod for Final Fantasy XIV is hugely popular for its ability to improve visuals, but it also adds malware as a “lesson” for player PCs.
First and foremost, it’s worth mentioning that Square Enix doesn’t condone any kind of third-party modification for Final Fantasy XIV, and has issued a ban on all uses in any case, even for the mods that are intended only to improve visuals for players running a more powerful rig to dive into Eorzea.
The GShade mod, created and maintained by GPosers, aimed to overhaul in-game visuals with shading modifiers that can be adjusted on a whim to suit individual players. With a massive install base, boasting over 68,000 users in its Discord community, GShade prospered as a tool for players who wanted to upgrade the popular MMORPG’s graphics, and its use does not technically violate the game’s terms of service.
However, its popularity may be at an end. Users discovered malicious code in a recent update and brought it to the creators’ attention. One of GShade’s creators, Marot Satil, claimed he added malware that “shuts down user PCs” to the mod in an attempt to “teach [them] a lesson.” The tweet below includes the reasoning provided by Satil (via Discord) for adding the software to the mod.
Satil goes on to say “This was meant to be a lesson to you specifically about taking this approach to the problem; anything could have been in the payload and you’d have been responsible for distributing it to people and triggering it. I chose a restart specifically because I wanted something that was still completely harmless but slightly more noticeable than a quick process kill.”
This should be troubling for anyone using third-party mods for Final Fantasy XIV, since Satil openly admits he could have snuck something far worse into the widely used mod instead of a “completely harmless” PC restart.
The GPosers “about” section on their website states, “GPosers is a Final Fantasy XIV community dedicated to inspiring and connecting with others while producing creative works,” but now that message has seemingly been lost. A Reddit Megathread not only said that GShade will discontinue updates, but also included an apology from Satil with a promise that malware will not be added to GShade again, and instructions on how to deactivate the malware.
@everyone the recent concerns involving GShade: I would like to personally apologize for the undue stress I may have caused both the community and our @moderators the process of attempting to improperly address an ongoing situation.
As part of a conflict with third parties attempting to redistribute copyrighted assets within GShade without permission, an anti-tampering function was added to GShade’s installer to trigger restarts in the event that a third party, external software or library utilized the GShade installer’s functions without actually running it. It was not possible to trigger this function by running the GShade installer normally.
– Marot Satil on Final Fantasy XIV Mod Malware
While the malware has been removed from the mod, and the promise has been made to “never do it again,” it’s up to users whether they will use third-party mods for Final Fantasy XIV or not. The entire incident may raise some red flags for the larger modding community as well, since similar incidents could happen with mods for any other game.
Other third-party mods for Final Fantasy XIV have also drawn negative attention recently. A team was disqualified from the unofficial “world first” race to clear the MMO’s latest Ultimate trial when it came to light that they had used third-party mods to mitigate its difficulty. Director Naoki Yoshida condemned the use of third-party tools for such “illicit activities,” stating that the Ultimate trials are rigorously tested to confirm they can be cleared naturally.
“If the presumption is that this content will be tackled and cleared with the use of third-party tools, then any reason to develop high-difficulty battle content seems to be lost,” Yoshida said. “It’s very difficult for me to understand as a gamer what the meaning behind using numerous third-party tools to compete to clear first would be.”