28 December 23, 16:31
Quote: Downfall, a popular mod for Slay The Spire, was hijacked by attackers. The developer of the mod has published some details about what happened.
While it is not the first time a mod on Steam Workshop has been infected, this is perhaps the most notable security incident related to mods available on the platform. It is kind of shocking that hackers have targeted a free mod to distribute malware. Naturally, some users are worried whether such issues could arise with other games. Some people have questioned how this was possible in the first place, and why Valve did not have a security system in place to prevent such risks.
The main problem with software and games distributed on Steam is auto-updates. While automatic installation of updates is usually beneficial, i.e. you get bug fixes faster, sometimes these can become a pain if they introduce more bugs or, in this case, an actual security risk. Sadly, there is no option to disable auto-updates on Steam, so once a game or a mod is updated, it is automatically downloaded to your PC. And, without installing the latest update, you cannot launch the game.
Coming back to the mod that had been hijacked, it appears that not all users of the Downfall mod were impacted by the attack. The announcement by the mod's developer has some details about how users were affected by the malware.
Downfall mod for Slay the Spire was hacked to spread malware
Table 9 Studio, the developers of the Downfall mod, say that they experienced a security breach at about 1:20 PM (18:20 UTC+0) on December 25. The hackers had hijacked the developer's Steam and Discount accounts. Though the game devs had managed to recover their Steam account late in the evening, the damage had already been done (at around 1:30 PM to 2:30 PM Eastern on 12/25). The attackers uploaded files that contained malware to the developer's Steam library. The developers say that they were able to contain the breach before they could recover the accounts.
Users need not worry if they did not launch Downfall during the breach window, even if the mod was updated automatically. Players who had accessed Downfall via Steam Workshop, i.e. by launching Slay the Spire, are also not affected. In general, if the game looked normal when you launched it, you were not affected. If you were unable to launch Downfall due to a "no .exe found" error, don't panic, because this was the developer's way to prevent the malware from affecting users. Some users may have seen a command-prompt-like screen with some text on it; this was the Java log, which was accidentally made visible when the developers restored the game.
...