Malware Spread Through Mod for Popular Steam Game Raises Concerns

The Slay the Spire mod community encountered a significant setback recently as the well-known Downfall mod fell victim to a security breach, resulting in the distribution of malware to players through Steam. Slay the Spire, a renowned deck-building game released in 2017, boasts a substantial player base and an array of mods, and the compromise of Downfall could potentially impact any users who engaged with it.

Regarded as one of the standout Slay the Spire mods, Downfall was introduced as a comprehensive expansion on Steam around two years ago. This mod offered an extensive alternative campaign, introduced seven new characters, and delivered fresh content tailored for the game’s devoted player base.

However, the creators of the Downfall mod disclosed via a Steam post that their project suffered a security breach over the Christmas period. During this incident, an individual uploaded a malicious file to the mod, which remained active for approximately an hour. Complicating matters, members of the modding team had their Steam and Discord accounts compromised, impeding their ability to promptly alert the community. If a player accessed the infected Slay the Spire mod, they would encounter a Unity library popup. The malware’s objective was to pilfer user passwords stored in internet browsers or associated services like Discord and Telegram.

Reportedly, while most antivirus programs might allow the malware to execute, they would prevent the pilfered passwords from being transmitted to the hackers. Users who encountered the popup are strongly advised to change all their passwords, enable two-factor authentication, and refrain from interacting with suspicious files while online. Fortunately, Downfall has since been patched and is confirmed to be free from malicious elements.

In an effort to mitigate such security risks, Valve implemented enhanced security measures for Steam back in October. This included requiring creators to use two-factor authentication, aiming to reduce the likelihood of their accounts being compromised. However, it remains unclear how the hackers managed to bypass these measures to infiltrate the mod makers’ accounts.

Unfortunately, security breaches are not uncommon in the gaming realm, particularly within projects like mods, where security measures might be lacking and development involves numerous contributors. A similar incident occurred in June involving several Minecraft mods infected with malware, such as Better Minecraft, Dungeons Arise, Sky Villages, Dungeonz, Display Entity Editor, and Haven Elytra. While the affected mods were swiftly rectified, some players were impacted, echoing the recent incident with Slay the Spire’s Downfall mod.