Hackers Breach Steam Discord Accounts, Launch Malware


On Christmas Day, the popular indie strategy game Slay the Spire's fan expansion, Downfall, was compromised, allowing Epsilon information stealer malware to be distributed over the Steam update system.

Developer Michael Mayhem revealed that the corrupted package is not a mod installed through Steam Workshop, but rather the packed standalone modified version of the original game.

Hackers breached Discord

The hackers took over the Discord and Steam accounts of one of the Downfall devs, giving them access to the mod's Steam account.

Once installed on a compromised system, the malware will gather information from Steam and Discord as well as cookies, saved passwords, and credit card numbers from web browsers (Yandex, Microsoft Edge, Mozilla Firefox, Brave, and Vivaldi).

Additionally, it will search for documents with the phrase "password" in the filenames and for additional credentials, such as Telegram and the local Windows login.

It is recommended that users of Downfall change all significant passwords, particularly those associated with accounts that are not secured by two-factor authentication (2FA).

According to users who received the malicious update, the malware installs itself as UnityLibManager in the /AppData/Roaming folder or as a Windows Boot Manager application in the AppData folder.
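The install locations reported above can be checked across every user profile on a machine. The script below is an added example, not code from the Downfall developers or from Valve; it assumes that matching by case-insensitive name prefix is adequate (the page gives no file extensions or exact subfolders), and the function names and depth limit are its own.

```python
import os
from pathlib import Path

# Names reported on this page. Extensions and exact subfolders are not given,
# so matching by case-insensitive name prefix is an assumption of this example.
REPORTED_NAMES = ("unitylibmanager", "windows boot manager")

def scan_profile(profile_dir, max_depth=3):
    """Return paths under <profile>/AppData whose name starts with a reported name."""
    appdata = Path(profile_dir) / "AppData"
    hits = []
    if not appdata.is_dir():
        return hits
    base = len(appdata.parts)
    # onerror swallows unreadable folders so one locked profile does not stop the scan
    for root, dirs, files in os.walk(appdata, onerror=lambda err: None):
        for name in dirs + files:
            if name.lower().startswith(REPORTED_NAMES):
                hits.append(str(Path(root) / name))
        if len(Path(root).parts) - base >= max_depth:
            dirs[:] = []  # stop descending below max_depth
    return sorted(hits)

def scan_all_profiles(users_root):
    """Map each profile name under users_root (e.g. C:\\Users) to its hits."""
    results = {}
    for entry in sorted(Path(users_root).iterdir()):
        if entry.is_dir():
            hits = scan_profile(entry)
            if hits:
                results[entry.name] = hits
    return results

if __name__ == "__main__":
    users_root = os.environ.get("SystemDrive", "C:") + "\\Users"
    if Path(users_root).is_dir():
        for user, hits in scan_all_profiles(users_root).items():
            for hit in hits:
                # A hit is a lead to review, not a verdict.
                print(f"[{user}] review: {hit}")
```

An empty result does not clear a machine, since the names come only from user reports and could differ between builds.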

About Epsilon Stealer

Epsilon Stealer is a trojan that steals information and sells it to other threat actors using Telegram and Discord. It is frequently used to deceive players on Discord into downloading malware under the pretence of being paid to test a new game for problems.

But once the game is installed, malicious software is also launched, allowing it to operate in the background and harvest credit card numbers, passwords, and authentication cookies from users.

Threat actors could sell the stolen data on dark web markets or utilize it to hack other accounts.

Steam strengthens security

Game developers who deploy updates on Steam's usual release branch now need to submit to SMS-based security checks, according to a statement made by Valve in October.

The decision was made in reaction to the growing number of compromised Steamworks accounts that, beginning in late August, were being used to submit dangerous game builds that would infect players with malware.