Highlights
- The popular Slay the Spire mod called Downfall was recently hacked, spreading malware through Steam, potentially impacting players who downloaded the mod.
- The Downfall mod, released in 2017, was praised for its full-featured campaign, alternative campaign, seven new characters, and fresh content for hardcore players.
- The creators of the Downfall mod discovered a security breach during Christmas, where a malicious file was uploaded, attempting to steal user passwords from browsers and services like Discord and Telegram.
A popular Slay the Spire mod called Downfall has been recently hacked, spreading malware to players via Steam. Released back in 2017, Slay the Spire is an excellent deck-builder game with a large player base and several mods, and this security breach could have impacted any those who played Downfall.
Downfall is often considered one of the best Slay the Spire mods. This full-featured campaign was released as a “free expansion” on Steam two years ago, and it includes an alternative campaign, as well as seven new characters and fresh content for hardcore players.
Beginner Tips For Slay The Spire You Need To Know
Roguelike fans planning on tackling Slay the Spire will need to know a few helpful beginner tips to get a good start.
Now, the creators of the Downfall mod revealed via a Steam post that their project suffered a security breach during Christmas. At the time, someone uploaded a malicious file to the mod, which stayed active for around an hour. Members of the team had their Steam and Discord accounts hijacked, which limited their ability to warn the community quickly. If a player opened the infected Slay the Spire mod, they would see a Unity library popup. The malware would try to steal the user’s passwords from their internet browser or services such as Discord and Telegram.
According to the mod’s creators, most antivirus programs would not prevent the malware from being executed, but would also not allow the information with the passwords to be sent to the hackers. Users who saw the popup are recommended to change all their passwords, set up two-factor authentication, and avoid clicking on the malicious files while they are connected to the internet. Players who were not affected by the issue do not need to worry anymore, though, as Downfall has already been patched and is clean again.
Due to problems similar to this one, Valve improved Steam’s security back in October by implementing a new authentication system. By requiring creators to always use two-factor authentication, Valve aimed to make it less likely that they would be hacked, and this could prevent more cases of malicious updates. It’s not clear how the hackers circumvented this to hack the accounts of the mod makers, though.
Unfortunately, hacks such as this one often happen in the gaming world, especially in projects like mods due to their lack of security and often being developed by large groups of people. Back in June, several Minecraft mods were infected with malware, including entries such as Better Minecraft, Dungeons Arise, Sky Villages, Dunigeonz, Display Entity Editor, Haven Elytra, and others. The mods were fixed soon after the breach, but this did not stop the hackers from affecting some players as they did with Slay the Spire’s mod.
Slay the Spire
Slay the Spire was developed by MegaCrit and is a roguelike deck-building game with similarities to the pioneer of deck-building games, Dominion.
Slay the Spire was nominated for PC Game of the Year at the 2019 Golden Joystick Awards, though it lost out to World of Warcraft Classic.
- Released
- January 23, 2019
- Developer(s)
- MegaCrit
- Publisher(s)
- Humble Bundle
- Genre(s)
- Roguelike , Deckbuilding
