Security News > 2023 > December > Steam game mod breached to push password-stealing malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.
As developer Michael Mayhem told BleepingComputer, the compromised package is the prepackaged standalone modified version of the original game and not a mod installed via Steam Workshop.
"One of our devices was hit with malware that did not get flagged or blocked by the security we had running on it. As far as I currently know, it was not a password-stealing malware as 2FA did not trigger or stop this, and of the accounts compromised, all were under different e-mail addresses," Mayhem told BleepingComputer, saying that he's "Reluctant to state anything with absolute certainty" until he obtains a professional assessment.
The attackers compromised one of Downfall's developers' Steam and Discord accounts, allowing them to gain control of the mod's Steam account.
Once installed on a compromised computer, the malware will collect cookies and saved passwords and credit cards from web browsers, as well as Steam and Discord info.
After the game is installed, it also deploys the malware which runs in the background and steals the user's passwords, credit card details, and authentication cookies.