On Christmas Day, the popular indie strategy game Slay the Spire's fan expansion, Downfall, was compromised, allowing Epsilon information stealer malware to be distributed over the Steam update system.
Developer Michael Mayhem revealed that the corrupted package is not a mod installed through Steam Workshop, but rather the packed standalone modified version of the original game.

Hackers breached Discord
The hackers took over the Discord and Steam accounts of one of the Downfall devs, giving them access to the mod's Steam account.
Once installed on a compromised system, the malware will gather information from Steam and Discord as well as cookies, saved passwords, and credit card numbers from web browsers.
It is recommended that users of Downfall change all significant passwords, particularly those associated with accounts that are not secured by two-factor authentication.
According to users who received the malicious update, the malware installs itself as UnityLibManager in the /AppData/Roaming folder or as a Windows Boot Manager application in the AppData folder.
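
A check for the two names reported above, as an added example that is not part of the original article. The article gives only the names, not exact file names or extensions, so the matching is deliberately loose; the function names `scan_appdata` and `default_roots` are hypothetical.

```python
import os
import re
from pathlib import Path

# Name stems from the user reports quoted in the article. Exact file names and
# extensions are not given there, so matching is loose (assumption).
INDICATORS = ("UnityLibManager", "Windows Boot Manager")


def normalise(name):
    """Lower-case and drop separators so 'Windows_Boot-Manager.exe' still matches."""
    return re.sub(r"[\s._\-]+", "", name).lower()


NEEDLES = {normalise(i): i for i in INDICATORS}


def scan_appdata(root):
    """Walk `root`; return sorted (indicator, path) pairs for matching files and folders."""
    hits = []
    # os.walk skips unreadable directories silently, which suits a triage pass.
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            norm = normalise(entry)
            for needle, label in NEEDLES.items():
                if needle in norm:
                    hits.append((label, str(Path(dirpath) / entry)))
    return sorted(hits)


def default_roots(env=os.environ):
    """The current user's AppData folder: the parent of %APPDATA% (Roaming),
    which also covers Local and LocalLow."""
    appdata = env.get("APPDATA")
    return [str(Path(appdata).parent)] if appdata else []


if __name__ == "__main__":
    for root in default_roots():
        for label, path in scan_appdata(root):
            print(f"[!] {label}: {path}")
```

A hit is a lead to investigate, not proof of infection, and an empty result does not clear a machine that received the update.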

About Epsilon Stealer
Epsilon Stealer is a trojan that steals information and sells it to other threat actors using Telegram and Discord.
It is frequently used to deceive players on Discord into downloading malware under the pretence of paying them to test a new game for problems.
Once the game is installed, malicious software is also launched, allowing it to operate in the background and harvest credit card numbers, passwords, and authentication cookies from users.
Threat actors could sell the stolen data on dark web markets or utilize it to hack other accounts.

Steam strengthens security
Game developers who deploy updates on Steam's usual release branch now need to submit to SMS-based security checks, according to a statement made by Valve in October.
The decision was made in reaction to the growing number of compromised Steamworks accounts that, beginning in late August, were being used to submit dangerous game builds that would infect players with malware.
This Cyber News was published on www.cysecurity.news. Publication date: Mon, 01 Jan 2024 16:13:04 +0000