On Christmas Day, Downfall, a popular mod for the card game "Slay The Spire", was compromised. Hackers managed to distribute malware through Steam, affecting players who had the mod installed. The malware's primary function was to steal passwords from users' internet browsers and from messaging services such as Telegram and Discord.
When players launched the compromised version of Downfall during the incident, they would encounter a suspicious "Unity library installer popup". This popup was the sign that their system had been affected by the malicious software. Fortunately, the hack was swiftly addressed and reversed on the same day, at around 1:40 pm ET (6:40 pm GMT), according to the developers.
Despite the quick response, there was concern because many antivirus programs appeared ineffective at preventing the malware from executing. However, those programs were able to prevent its payload, the part designed to extract and transmit stolen information, from being sent across the internet. Thus, the impact of the attack may have been mitigated for some users.
The malicious payload was designed to scour the user's system for a variety of passwords. It targeted login details stored in popular browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, and Vivaldi. Additionally, it attempted to extract passwords from the Telegram and Discord apps, as well as Windows local login credentials. The malware was also programmed to search for any files on the user's system that might include the word 'password' in their names, indicative of a wide-reaching attempt to gather as much sensitive information as possible.
Following the breach, users began to notice unusual files appearing on their computers. Those who saw the Unity installer popup were particularly at risk and should consider themselves compromised. The developers of Downfall issued specific advice to their community in light of these events. They suggested that users only investigate the suspicious files while their computers are disconnected from the internet to avoid any potential further spread or communication with a hacker's server.
Out of an abundance of caution, they also recommended that users change any important passwords. This advice was particularly directed at passwords not protected by Two-Factor Authentication (2FA), an additional security layer that can prevent unauthorized access even if a password is compromised.
Downfall itself is a substantial mod that offers a great deal of additional content for Slay The Spire players, including new playable characters and new game modes. Following this incident, the developers stated their intentions to focus on developing a new game called Tales & Tactics, which is described as a standalone auto-battling Chess roguelike.
The incident serves as an important reminder of the vulnerabilities that can exist within modding communities and on platforms like Steam. It underscores the necessity of maintaining robust cybersecurity practices, such as regularly updating antivirus software, using complex passwords, and enabling Two-Factor Authentication wherever possible.
With these steps, users can help protect themselves from the potentially devastating consequences of malware and other cyber threats. Updates from the Downfall mod developers following the breach also highlight the importance of community vigilance and the benefits of prompt reporting and action when it comes to mitigating the effects of such security breaches.