During the festive season, while many were enjoying their holiday, the gaming community faced a startling security incident. A popular modification (mod) for the card game "Slay The Spire", known as Downfall, was hijacked and used as a vehicle to spread malware through the gaming platform, Steam. This alarming event took place on Christmas day and had significant implications for the Steam users who had downloaded it.
Downfall is a well-known mod among the Slay The Spire players, known for adding new layers to the game with additional playable characters and modes. However, on this occasion, the excitement surrounding the mod was overshadowed by a severe security breach. The breach allowed hackers to implement a malicious program designed to steal sensitive information from unsuspecting users.
The mod developers quickly released a statement revealing the nature of the malware, which aimed to take passwords from a range of sources. It targeted internet browsers and messaging services, such as Telegram and Discord. When gamers attempted to launch Downfall during the period of the hijack, they were bamboozled by a "Unity library installer popup," an unusual occurrence that hinted at the underlying mischief.
According to the developers' announcement, the hack was remedied by around 1:40 pm Eastern Time on December 25th. Despite swift action to resolve the hack, there was still a cause for concern regarding the antivirus software's effectiveness against this particular malware. While it seems that most antivirus solutions failed to prevent the malware's execution, they did manage to block the transmission of the stolen data across the internet. This rendered the attack somewhat ineffective in terms of immediate damage to the users.
The developers detailed the payload of the malware classified as highly invasive. It was designed to scrape sensitive data by targeting passwords stored within various applications including popular browsers like Google Chrome, Microsoft Edge, Mozilla Firefox, and others, as well as messaging apps like Discord and Telegram. Additionally, the malware sought out any files containing the word “password” in their filename, potentially indicating where users may have stored important credentials.
Several users had reported the appearance of unusual files on their hard drives, which were presumed to be created by the malware. The developers suggested users to thoroughly scrutinize their systems for these suspicious files, but importantly, while disconnected from the internet to prevent any potential dissemination of personal information
Moreover, those who encountered the Unity installer popup were advised to change significant passwords, especially those not protected by two-factor authentication (2FA). It was a stark reminder of the vulnerability of digital security, even within reputable game platforms such as Steam.
The event points to a larger issue within the world of online gaming. Mods like Downfall are created with a passion for gaming and add value to the original game experience. However, when security isn’t watertight, it creates a window of opportunity for cybercriminals to exploit fans’ enthusiasm. This incident emphasized the importance of vigilance even within the gaming community, encouraging both developers and players to pay close attention to digital security protocols.
Following the breach, the Downfall mod developers disclosed that their efforts are now channeled towards the development of a new title, Tales & Tactics. This game is described as a standalone auto-battling Chess roguelike, indicating a shift towards an independent creation outside the modding landscape, possibly influenced by the need for more controlled and secure gaming environments.
The Downfall incident could serve as a cautionary tale for players and developers alike, illuminating the constant threat posed by malicious actors in the digital space. As for the players affected by this breach, vigilance and immediate action in securing their personal information became the unexpected item on their holiday to-do list.
You must be logged in to post a comment!
