this post was submitted on 29 Dec 2023
110 points (98.2% liked)

PC Gaming

8642 readers
553 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
110
Steam game mod breached to push password-stealing malware (Downfall, Slay the Spire Mod) (www.bleepingcomputer.com)
submitted 11 months ago by [email protected] to c/[email protected]
10 comments fedilink hide all child comments
top 10 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 11 months ago

The app affected is the prepackaged version of the Downfall Mod with Slay the Spire, not the Steam Workshop version, apparently. (I have the Downfall mod but didn't know the pre-packaged version was a thing!)

"The breach window was roughly 1:30 PM-2:30 PM Eastern (1830-1930 UTC+0) on 12/25. If you did launch Downfall on 12/25 during the breach window and got a Unity library installer popup, please continue to read. You may be also at risk. The security breach allowed a malicious upload to replace the Downfall packaged game," Mayhem said in a statement published on Wednesday.

[–] [email protected] 9 points 11 months ago (1 children)

Shit, I don't remember if I downloaded that or not. I think I was trying to beat the hell out of vanilla first.

[–] flumph 12 points 11 months ago

Make sure you check the statement. You'd have to have launched the mod in a specific way during a specific time window

[–] [email protected] 4 points 11 months ago (1 children)

Man I have been clear of any real issues for a long time, this one has my anxiety spiking as someone who installed a lot of steam games...

[–] [email protected] 0 points 11 months ago (1 children)

I love Steam and wouldn't lay the blame for this on them but this is why you need to use trusted software sources and isolate machines that use less trustable software.

[–] [email protected] 10 points 11 months ago (1 children)

Steam was not even involved. This didn't affect the Steam version.

[–] [email protected] 3 points 11 months ago

Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

The publisher got pwnd and the malware got pushed out over Steam. No different from someone publishing a malicious game directly.