Downfall, a prominent mod for Slay The Spire, was hijacked on Christmas Day to infect users through Steam with password-stealing malware.


Slay The Spire Mod Hack Spreads Malware to Steal Passwords

In an unwelcome holiday surprise, a mod for the popular video game 'Slay The Spire,' known as Downfall, was compromised on December 25th, turning the gaming experience into a security nightmare for its users. The breach led to the distribution of malicious software (malware) through Steam, targeting gamers by attempting to steal their passwords.

Downfall is not just any mod—it has significantly expanded the original game's playing experience with new characters and modes, becoming a favorite in the gaming community. However, on Christmas day, something went awry when hackers took advantage of the mod to execute their nefarious scheme.

The sinister payload delivered through the compromised mod was a malware variant particularly interested in harvesting passwords. It had a predilection for credentials saved in internet browsers and sought access to popular messaging services such as Telegram and Discord. For the unsuspecting player, the first sign of trouble would appear as a 'Unity library installer popup' that surfaced when launching the mod during the period it was hijacked.

Thankfully, the devs behind Downfall acted swiftly, and by approximately 1:40 pm ET on the day of the attack, they were able to reverse the hack. In their announcement, they also detailed the limitations of standard antivirus tools against the hack. While most antivirus software did not prevent the malware from executing, it did succeed in blocking the transmission of stolen data across the internet, which could limit the damage to those afflicted.

The hackers were thorough in their pursuit of valuable login credentials. The targeted information ranged from local Windows login credentials to data from browsers such as Google Chrome, Microsoft Edge and Mozilla Firefox, as well as privacy-focused ones like Brave and Vivaldi. The list didn't end there; it also extended to Telegram and Discord credentials, and the malware even searched for any file with the word 'password' in its filename.
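The filename search described above can be turned around as a self-audit. The Python script below is an added example, not code from the Downfall developers or from the malware; it lists files under a chosen folder whose names contain 'password' so they can be moved into a password manager or deleted. The function name and the choice to scan the home folder are assumptions made for illustration.

```python
import os
from pathlib import Path

# The word the article says the malware looked for in filenames.
KEYWORD = "password"


def find_exposed_files(root, keyword=KEYWORD):
    """Return a sorted list of (path, size_bytes) for every regular file
    under `root` whose name contains `keyword`, ignoring case.

    Symbolic links are not followed, and folders or files that cannot be
    read are skipped so one permission error does not abort the audit.
    """
    needle = keyword.casefold()
    hits = []
    walker = os.walk(root, onerror=lambda err: None, followlinks=False)
    for dirpath, _dirnames, filenames in walker:
        for name in filenames:
            if needle not in name.casefold():
                continue
            path = Path(dirpath) / name
            try:
                if path.is_symlink() or not path.is_file():
                    continue
                hits.append((str(path), path.stat().st_size))
            except OSError:
                continue  # file vanished or is unreadable
    return sorted(hits)


if __name__ == "__main__":
    # Assumption: the user's home folder is the area worth auditing.
    findings = find_exposed_files(Path.home())
    for path, size in findings:
        print(f"{size:>10} bytes  {path}")
    print(f"{len(findings)} file(s) with '{KEYWORD}' in the name")
```

Any file it reports is one that a filename search of the kind described would also have found, so its contents are best treated as needing a password change if the mod was run while it was hijacked.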

Those affected by the malware reported that it created files in various locations on their hard drives. The mod developers issued recommendations for users to perform checks for these suspicious files only when their internet connection was disabled. This precautionary measure would prevent any potential malware from transmitting data even if it was triggered during the investigation process.

Given the serious nature of the compromise, the developers of Downfall instructed players who encountered the Unity installer popup to change their "important passwords," highlighting the increased risk for passwords that were not secured through two-factor authentication (2FA).

The incident with Downfall serves as a stark reminder of the vulnerabilities inherent in online gaming, where third-party mods are widely used to enhance the gaming experience. Despite their role in enriching gameplay, these modifications come with risks, as they can be exploited as gateways for cyberattacks. Gamers are encouraged to be vigilant and proactive in securing their accounts, especially by enabling two-factor authentication wherever possible.

For the Downfall team, this security breach marks a challenging period. But it has not deterred them from moving forward in the world of game development. They are currently channeling their efforts into a new project, 'Tales & Tactics,' an ambitious standalone game that combines the dynamics of auto-battling Chess with the intrigue of roguelike games.

In the gaming community, trust is paramount. When compromised, it not only impacts the individuals involved but can send shockwaves through the entire scene. As a response, the community often bands together to support one another and reaffirm the importance of collective security measures. Due to the breach, users who had Downfall installed are now more aware of the potential risks associated with mods and hopefully better prepared to defend against such threats in the future.

Darryl Polo
