On Christmas Day, hackers compromised Downfall, a popular Slay The Spire mod, and used it to distribute password-stealing malware through Steam before the developers contained the breach.


Gaming Mod Compromised to Spread Malware via Steam

In the world of gaming, Steam is a well-known platform that not only provides games but also user-created content, such as mods, to enhance game experiences. These mods can range from simple cosmetic changes to complete overhauls of games. Unfortunately, the openness that makes such innovative content possible can also be a vulnerability. This was exemplified on Christmas Day when the modding community for the popular video game 'Slay The Spire' was thrown into disarray.

The Downfall mod, an expansive and popular modification for the deck-building roguelike game 'Slay The Spire,' fell victim to a sophisticated cyberattack. The attackers exploited the mod to spread malware among users, with the primary intention of stealing their passwords.

This malicious software was particularly devious in its approach, targeting a wide array of personal information. Upon launching Downfall while the hack was active, players were greeted with a faux "Unity library installer popup," a convincing facade intended to mask the malware's malicious activities. In reality, this was a front for the malware to commence its password-stealing operations, attempting to harvest details from various internet browsers, as well as popular messaging services such as Telegram and Discord.

The breadth of the information targeted was extensive; the malware aimed to scrape passwords saved in numerous applications. It tried to access Windows local login details, data from several browsers (including Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, and Vivaldi), and files with names containing the word 'password'. The hackers' ambitions did not end at browsers; they extended their reach into communication applications, aiming to siphon off login credentials from Telegram and Discord as well.

The modding community and affected users responded promptly to the incident. The initial reports of the attack surfaced during Christmas, and by around 1:40 pm ET on December 25th, the developers of the Downfall mod announced that they had reversed the hack. Despite this rapid response, the incident left many in the Steam community alarmed.

In their announcement, the creators of Downfall highlighted a concerning fact: most antivirus programs had failed to prevent the execution of the malware. Though the software did not always manage to send the stolen information across the internet, the mere execution of the malware posed a significant threat.

Those who encountered the deceptive Unity installer popup were in immediate danger. Developers advised these players to take precautionary measures to secure their digital safety. Guidance included steps such as disconnecting from the internet to inspect any suspicious files created by the malware—some of which were identified by the users and listed in the announcement. They also underscored the importance of changing important passwords, emphasizing those not protected by two-factor authentication (2FA), which provides an added layer of security.

The response also included a clear call to action: users who might have been impacted during the malware spree were encouraged to act quickly to mitigate risks. As a rule of thumb, the advice was to preemptively change passwords as a defensive measure against potential breaches.

It's important to note that Downfall is not just a minor mod but a transformative addition to 'Slay The Spire.' It introduced new characters, a unique mode, and various gameplay elements that significantly extended the depth of the original game. Since then, the developers have embarked on a new project, Tales & Tactics, a standalone game that combines auto-battling chess with roguelike elements.

This incident serves as a stark reminder that cybersecurity is a crucial aspect of the gaming industry, especially in community-driven platforms like mods. It underscores the importance of vigilance and the implementation of strong security practices to guard against similar breaches in the future. The gaming community, while collaborative and innovative in spirit, must also prioritize safety to ensure that their digital experiences remain secure and enjoyable.

Aaron Chisea