Are you aware of any information out there about what mod exactly contained the exploit and where it came from?
I'm of course quite curious about how said mod ended up on this person's computer in the first place. As I'm sure you know but I'll explain for the benefit of the wider HN audience, there's a big divide in the BeamNG community over third-party mod sites versus sticking to the official repository. The official repo has rules against stolen content like models ripped from commercial games so the people who just want to crash real life cars tend to go to the third party sites where there's a lot less oversight and quality control, while those of us who don't care about that tend to recommend sticking to the official repo for both ease of use and minimization of potential problems like version update breakage and security exploits. If this came from the official repo that'd blow a lot of holes in the main arguments against the third party sites, and vice versa if it did come from a third party site it'd stand as a demonstration of the point.
I didn't know BeamMP could automatically download mods from the server (none of my friends play Beam so I haven't really used it much), obviously that could have been it as well.
As far as we know it was a mod from modland, and nothing to do with BeamMP (luckily). We don't know which mod, but I've seen people on twitter talk about reverse engineering it - maybe someone knows which mod?
And yes when people join modded servers (which is clearly marked and the mods are listed), the mods are downloaded and installed. This enables super cool community made gamemodes, some of which have thousands of players.
I'm of course quite curious about how said mod ended up on this person's computer in the first place. As I'm sure you know but I'll explain for the benefit of the wider HN audience, there's a big divide in the BeamNG community over third-party mod sites versus sticking to the official repository. The official repo has rules against stolen content like models ripped from commercial games so the people who just want to crash real life cars tend to go to the third party sites where there's a lot less oversight and quality control, while those of us who don't care about that tend to recommend sticking to the official repo for both ease of use and minimization of potential problems like version update breakage and security exploits. If this came from the official repo that'd blow a lot of holes in the main arguments against the third party sites, and vice versa if it did come from a third party site it'd stand as a demonstration of the point.
I didn't know BeamMP could automatically download mods from the server (none of my friends play Beam so I haven't really used it much), obviously that could have been it as well.