Downfall fan mod for Slay the Spire roguelike card game infected with Epsilon malware

On Steam, the developer of Downfall, a fan mod for the roguelike card game Slay the Spire, said the mod had been hacked. Instead of a mod update, users received the Epsilon malware. Cybercriminals hacked the Steam and Discord accounts of one of the Downfall developers and gained access to the mod’s Steam account.

The Epsilon stealer is data-stealing malware sold through Telegram and Discord. It is used to attack gamers through Discord: using phishing or social engineering, the user is persuaded to install the Epsilon malware as a test version of a new game. The malware then runs in the background and steals users’ passwords, bank card details and authentication cookies. It searches for various data, including local Windows and Telegram data. The malware can also collect documents if their names contain the word “password”.

The author of Downfall revealed that the hacked package was a repackaged and modified standalone version of the original game, not the mod that is installed via the Steam Workshop. According to the developer, the hack happened around noon on December 25, 2023. After being installed on a compromised computer, the malware begins to collect cookies and information from Steam and Discord, and steals saved passwords and bank card data from various browsers (Google Chrome, Microsoft Edge, Mozilla Firefox, Brave, Vivaldi, even Yandex Browser and many others).

On Steam, affected users reported that the malware masquerades either as a Windows Boot Manager application located in the AppData folder or as UnityLibManager installed in the Roaming subfolder of the AppData folder.
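
A triage filter for the two masquerade names reported above, added here as an example and not taken from the Downfall developer or from Steam. It takes Windows paths (from a process listing, autoruns export or file inventory) and flags any that carry one of those names below AppData. The loose name matching, the function names and the sample paths are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Names reported on the page. Exact file names and extensions are not given
# there, so matching ignores case, spaces and punctuation (an assumption).
LURE_NAMES = ("windowsbootmanager", "unitylibmanager")


def _norm(component):
    """Lower-case a path component and drop everything but letters and digits."""
    return re.sub(r"[^a-z0-9]", "", component.lower())


def match_lure(path):
    """Return (lure, appdata_subfolder) if a component below AppData carries
    one of the reported names, else None."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    if "appdata" not in lowered:
        return None  # the reports place both lures inside the user's AppData
    start = lowered.index("appdata") + 1
    subfolder = parts[start] if start < len(parts) else ""
    for component in parts[start:]:
        for lure in LURE_NAMES:
            if lure in _norm(component):
                return lure, subfolder
    return None


def triage(paths):
    """Keep only the paths that match, with the lure and AppData subfolder."""
    return [(p, *hit) for p in paths if (hit := match_lure(p))]


# Constructed sample paths, not taken from any real host.
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Local\Windows Boot Manager\Windows Boot Manager.exe",
    r"C:\Users\alice\AppData\Roaming\UnityLibManager\UnityLibManager.exe",
    r"C:\Windows\Boot\EFI\bootmgfw.efi",  # boot loader outside any user profile
    r"C:\Program Files\Unity\Editor\Unity.exe",
]

if __name__ == "__main__":
    for path, lure, sub in triage(SAMPLE_PATHS):
        print(f"{lure:20} AppData\\{sub:8} {path}")
```

A hit is a lead for review, not a verdict: confirm it against the file's signature, creation time and parent process before acting.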

The developer advised all Downfall users who may have downloaded the malware, especially if they saw the Unity pop-up, to change their passwords, including those not protected by two-factor authentication.