On Christmas Day, a shocking security breach unfolded within the gaming community. The widely recognized mod for the card game Slay The Spire, known as Downfall, fell victim to nefarious hackers. This breach facilitated the distribution of dangerous malware through Steam, the popular gaming platform that hosts the mod.
Downfall's developers urgently informed their user base about the incident, noting the sinister intentions of the malware: to poach passwords directly from users' internet browsers. It specifically targeted credentials saved in browsers and on messaging platforms such as Telegram and Discord. Unsuspecting players who booted up Downfall during the hijack were greeted with an unexpected "Unity library installer popup," which was the malware in disguise.
This infiltration was successful for a brief period, but by 1:40 pm ET (6:40 pm GMT) on December 25th, the developers were able to report that the hack had been remedied. However, while it was active, the malware was alarmingly effective, as most antivirus programs failed to prevent the malicious code from executing. Antivirus programs were more successful, thankfully, in preventing the extracted data (usually passwords) from being transmitted across the internet, thus mitigating some potential damage.
The malware was quite sophisticated, engineered to collect passwords from a wide array of common applications: Microsoft Edge, Google Chrome, Mozilla Firefox, Vivaldi, Brave, and other browsers, as well as the messaging apps Telegram and Discord. Furthermore, the malware scoured users' hard drives for any files that might contain the keyword 'password', indicating a profound threat to personal security.
The situation was so precarious that those who encountered the misleading Unity popup were advised to take immediate precautions, such as changing their most crucial passwords, especially for accounts lacking two-factor authentication (2FA). This was an essential step to secure their digital safety against the intrusive malware.
As players reported, the fallout from the malware led to strange files materializing in various places on their computer drives. The developers shared some examples of these file locations to help users identify potential remnants of the malware. They emphasized the importance of disconnecting from the internet while inspecting for these suspicious files to avoid further risks.
Downfall is not just any mod. It brought significant enhancements to the original game, Slay The Spire. It introduced a roster of new playable characters, an innovative new mode, and various other additions, cementing its status as a major expansion beloved by the game's community. Post-incident, the creators of Downfall have ventured into a new project: Tales & Tactics. This standalone game combines auto-battling and chess elements into a rogue-like format, promising a fresh twist for fans of strategic gameplay.
Such incidents shed light on the vulnerable intersections between gaming, modding communities, and cybersecurity. They highlight the need for constant vigilance among developers and players alike in protecting their digital environments. While the intrusion on Downfall was promptly addressed, it serves as a stark reminder that the cybersecurity battlefields can extend into even the most unexpected arenas, like our favorite games.