The gaming community encountered a concerning event during the recent holiday season when a popular modification (mod) for the card game Slay The Spire, titled Downfall, was compromised by cybercriminals. These attackers exploited the mod to spread malware through the Steam gaming platform. This malware specifically targeted the theft of passwords from various internet browsers and communication services.
On Christmas Day, players who launched the mod were met with an unexpected and suspicious 'Unity library installer popup'. This signaled a security breach, which the developers themselves confirmed. The attackers had successfully embedded malicious code into the mod, which then became a vehicle for the malware once gamers attempted to launch Downfall.
The malware in question was engineered to scrape the user's system for passwords stored in various locations. The targeted applications included widely used internet browsers such as Google Chrome, Microsoft Edge, and Mozilla Firefox, as well as less common ones like Yandex, Brave, and Vivaldi. The malware also sought credentials from messaging services like Telegram and Discord, and it attempted to detect any files on the user's system that contained the word 'password', potentially in the filename.
In addition, the malware tried to access passwords related to Windows local login, an action that further intensified the severity of the situation for those affected. The risk was not limited to the virtual space; if the malware successfully harvested this information, it could lead to unauthorized access to various personal and financial services, thereby posing a significant threat to the users' online security.
Thankfully, the malicious intrusion was identified and the hack was reversed, according to information shared by the mod's development team at around 1:40 pm ET on December 25th. Although the developers acted swiftly to contain the hack, most antivirus programs were not able to stop the execution of the malware. They did, however, manage to prevent the harvested data from being transmitted across the internet. This indicated a certain level of protection for impacted users, as the stolen data was halted before it could reach the attackers.
The developers rigorously addressed the issue by guiding users through a number of precautionary steps. They recommended that users inspect their systems for suspicious files, stressing the importance of doing this offline to avoid further data leaks. Moreover, they urged anyone who encountered the Unity installer popup to change their most important passwords, emphasizing the necessity of this measure for passwords not secured by two-factor authentication (2FA), a security process that adds an additional layer of verification to protect access to accounts.
The Downfall mod itself is a substantial addition to the Slay The Spire gaming experience, introducing new gameplay elements such as additional characters, game modes, and other enriching content. Since then, the creative team behind Downfall has been developing a new project, Tales & Tactics, which is described as a standalone auto-battling chess roguelike game.
This incident serves as a somber reminder of the persistent threats lurking within digital spaces, especially in environments perceived as safe and enjoyable like gaming. It underscores the importance of maintaining vigilance regarding software security, particularly for projects involving user-generated content such as game mods. As the developers and the gaming community move past this event, the need for heightened security measures and awareness remains a top priority to safeguard against similar cyber threats in the future.