On Christmas Day, the gaming world faced a cybersecurity threat when the Slay The Spire mod Downfall suffered a significant security breach. Hackers found a way to use this popular game modification to distribute malware via Steam, the widely used gaming platform. The malware's main capability was stealing passwords directly from users' internet browsers, as well as from popular messaging services like Telegram and Discord.
Players who launched Downfall during the time of the hack would have encountered a suspicious "Unity library installer popup," which was the malware attempting to execute its harmful tasks. The developers of the mod identified the breach in a timely manner and took comprehensive measures to reverse the hack promptly, by 1:40 pm ET (6:40 pm GMT) on the day of the breach.
One of the alarming aspects of this issue was that most antivirus software did not prevent the malware from initializing. However, various security programs were capable of blocking the malware's payload (the malicious part of the program meant to execute detrimental functions) from spreading across the internet. This implies that even where the malware executed, the damage was potentially kept from becoming widespread.
The malware in question was not just a simple nuisance; it had a destructive purpose. Specifically, it aimed to scrape and generate a collection of passwords from several important sites and applications. This list included credentials from web browsers such as Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, and Vivaldi. Additionally, passwords from Telegram, Discord, and even Windows local login data were at risk. The malware also targeted any files that might seem relevant to password information, indicated by the filename containing the word 'password.'
Reports have surfaced from users who noticed suspicious files popping up in various locations on their hard drives. The developers of Downfall, upon noticing these reports, mentioned these findings in their announcement and suggested that users should examine their systems for these files—crucially, only when they are disconnected from the internet to prevent any potential dissemination of the malware.
In light of the potential risk associated with this attack, the Downfall developers urged users who experienced the Unity installer popup to take immediate action. They recommended a complete change of important passwords, especially for accounts that are not protected by two-factor authentication (2FA), a security process where two different methods are used to verify the identity of the user.
Downfall is no small-time mod in the gaming community—it's a substantial expansion of the original Slay The Spire game, bringing in new playable characters, game modes, and additional content that has attracted a large following. The incident has not only been a wake-up call regarding the risks present in the gaming world but also an unfortunate setback for the community that has supported the mod. Since the breach, the developers have moved on to develop a new project, Tales & Tactics, a standalone project that brings an auto-battling Chess roguelike experience to its audience.
For players and members of the Steam community, this incident serves as a reminder of the ever-present need for cybersecurity vigilance. Gamers are encouraged to maintain strong security practices, such as keeping antivirus software updated, using complex passwords, and enabling two-factor authentication whenever possible. By taking these steps, players can help protect their digital lives while continuing to enjoy the vast universe of gaming.