During the festive season, a popular mod for the deck-building game Slay The Spire faced a significant cybersecurity issue. Downfall, which is among the most beloved modifications to the game, enhancing it with new characters and modes, was exploited on Christmas Day. The mod's developers have disclosed that this breach enabled hackers to employ the mod as a medium to spread malicious software, commonly known as malware, through the Steam platform. Steam is a widely-used digital distribution service for video games.
This malware was specifically programmed to infiltrate and extract the passwords of users, not just from their internet browsers, but also from widely-used messaging applications such as Telegram and Discord. When gamers initiated Downfall during this period of vulnerability, a "Unity library installer popup" would appear, signaling the infection. The hackers’ manipulation of the mod was successfully reverted at approximately 1:40pm Eastern Time on December 25th, as reported by the mod developers.
The fact that most antivirus programs failed to halt the execution of the malware itself, yet were able to prevent its payload—that is, the stolen information—from being transmitted over the internet, provided affected users with a small relief. Despite this, the developers described that the malware was designed to compile a list of passwords from various applications and files, particularly focusing on those associated with Windows local login credentials, and passwords stored in or by browsers like Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, Vivaldi, and more. Moreover, it would search for any files on the user's computer that might include the word 'password' in the filename.
Suspected files created by the malware seemed to materialize in random folders within users' hard drives, and these locations were detailed in the announcement. Caution was advised to those dissecting these suspicious files to do so while disconnected from the internet to prevent further potential breaches or the relay of sensitive information.
The developers have provided recommendations for players who encountered the Unity installer popup. A crucial measure involves changing important passwords, especially for accounts not secured with two-factor authentication (2FA), to thwart any unauthorized access following the malware attack.
Downfall has been celebrated for significantly expanding the universe of Slay The Spire by introducing new dimensions to the game that its fanbase has embraced. Following the mod's success, its creators have embarked on developing another project named Tales & Tactics, a standalone game described as an auto-battling Chess roguelike, indicating the mod developers’ intent to move forward and continue creating despite the setback faced during the holiday season.
The incident serves as a sobering reminder of the vulnerability of even the most reputable mods and the platforms that host them. For the gaming community, it underscores the reality that with the increasing integration of internet services into gaming, the specter of cyber threats remains ever-present. As such, developers and users alike are urged to remain vigilant, ensuring that security measures are in place and that there is regular monitoring for any anomalous activity within their systems and software. It also highlights the importance of effective antivirus solutions and safe practices such as regular password changes and the use of robust, multi-factor authentication methods to safeguard against the ramifications of such breaches. The Downfall incident may be a singular event, but it leaves a lasting impression on the importance of cybersecurity within the gaming industry.
You must be logged in to post a comment!
