There are currently at least four malicious servers trying to steal authentication keys. If your auth is suddenly refusing to work and/or you see “Unknown” in the server list instead of “FREEZE”, you probably have connected to one of those servers and downloaded at least one map.
All those maps contain malicious code.
If you think you may be affected, delete all maps downloaded on September 14 or later and change your auth key. Downloading any maps from servers you don’t know well is discouraged until further notice.
If you believe that your auth key was compromised, please go to your profile page and click on "My game auth key" in the "Manage my account" section, then click on "Get a new auth key".
At present no one knows how deep this runs. They know it steals auth keys, but no one has ascertained if it can steal data from your documents folders and proxy them off. So if you have a firewall that can sandbox apps, i suggest running UrT as a limited app.
From reading the thread it looks like a lot more than 4 servers are out there. At present it looks like this is just Frag Servers. The identifiers are 20 players on server, but when you do a server info no one shows on server. Running one of these maps.
q_premiere_v1 ut4_aeropuerto_v1 ut4_aeropuerto_v2 ut4_amazing_v1 ut4_arena2_b4.1 ut4_arena7_v1 ut4_aztek_ruins_v1 ut4_battlefront_v2 ut4_boxtrot_v2 ut4_conf_v1 ut4_container_b3 ut4_doom16_b2 ut_macabre_b7
I would suggest using.
At least until they release 4.2.020 which will fix this problem. No doubt Fenix has already patched his binary to not allow vm folders in pk3 files. If he has, maybe he will share it.
Also watch out for new jump servers popping up with mapnames you dont know. Query them by using our download page. Also let us know if you find any, so we can all avoid them.
Lastly make sure you havent already been infected. Check your q3ut4 folder for those maps. But be aware that a real ut4_boxtrot_v2 does exist. My copy that ive had for about 3 years has the following attributes.
Name: ut4_boxtrot_v2 Size: 1563284 bytes MD5: 1679e65a71dd7c64e4b714785e020ad8 SHA256: a42d1c0c2a76eede45f43d29c1158fd7cc801e86fa132087d554cd91407e6488