Popular Slay the Spire mod hacked to deliver malware on Christmas Day
A popular Slay the Spire mod called Downfall was compromised over the holidays, and used to push malware to users via a Steam update. The malware in question is called Epsilon and is used to steal information from infected hardware, and was present in the standalone version of the mod on Steam for around an hour on Christmas Day.
The attackers compromised one of the mod's developers' Steam and Discord accounts, allowing access to the mod's Steam account. The Epsilon malware is frequently used on Discord, often packaged with a game executable, and once installed runs in the background harvesting the hardware's cookies, and any saved passwords or credit card information on the device or stored by browsers (everything from Google Chrome to Vivaldi).
«Christmas Day, at roughly 12:30 PM Eastern time, we experienced a security breach,» writes developer Michael Mayhem. «At roughly 1:20 PM, that breach allowed a malicious upload to overtake our game on Steam's library for a period of roughly one hour. Our Steam and Discord accounts were hijacked, and though the Steam accounts were able to be recovered late in the evening, we were limited in our ability to warn or communicate immediately following the breach. Fortunately, we were able to contain the actual breach much more quickly than the amount of time it took to recover the accounts.»
The breach was contained by roughly 2:30 pm Eastern Time, and only users who launched Downfall within that window were affected (there is a full list of who does and doesn't need to worry in a Steam update). The main concern is over users who saw a Unity library installer popup
«In your users/[username]/AppData/Local/Temp folder, there will be several files the Trojan creates,» one affected user
Read more on pcgamer.com
