Date: 2023-12-31

Summary: Over the holiday season, attackers managed to gain unauthorized access to the Steam account of the developer behind Downfall, a popular fan-made mod for the indie game Slay the Spire. The attackers compromised game downloads by injecting them with a malware strain known as Epsilon Information Stealer. However, it is worth noting that the malware only infected the prepackaged standalone modified version of Downfall and not the mod installed through Steam Workshop. The infected download was only available for a short period before being detected.

The Epsilon Information Stealer malware has the capability to steal sensitive information, including passwords from various installed internet browsers, cookies, Discord, Steam, and data stored by Telegram. Although the developer stated that the malware did not trigger two-factor authentication (2FA) or steal email addresses, a thorough professional assessment is required to confirm the extent of the breach.

In response to the incident, the developer promptly informed users via a Steam update, advising those who encountered a Unity popup over the Christmas period to change their passwords, particularly if they did not have 2FA enabled. The developer also recommended regular scans using live protection software and expressed the intention to reset and wipe all affected hardware drives.

Epsilon Information Stealer has become a preferred choice among threat actors targeting gaming communities through mods. This type of malware is typically disguised as an enticing add-on or an exclusive test build of a game, often tricking gamers on platforms like Discord into unwittingly installing it. Malware distributors have increasingly utilized standalone and third-party mods to disseminate information-stealing software, mirroring previous instances where Minecraft mods were used as a vehicle for distributing malware like Bleeding Pipe.

As a precaution, users should adopt more robust security practices by enabling two-factor authentication wherever possible. Steam has had SMS-based security verification in place since October as an additional layer of protection against compromised files being uploaded.

FAQ:

Q: Which game was targeted by the attackers?

A: The attackers targeted the game Slay the Spire through a fan-made mod called Downfall.

Q: What type of malware was injected into the compromised downloads?

A: The attackers utilized a strain of malware known as Epsilon Information Stealer.

Q: Did the malware affect all versions of Downfall?

A: No, only the prepackaged standalone modified version of Downfall was infected, not the mod installed via the Steam Workshop.

Q: How can users protect themselves from similar incidents?

A: Enabling two-factor authentication, regularly scanning for malware, and being cautious when installing mods or add-ons can help mitigate risks.