ajitkda.lol

ajitkda Blog

News

Slay the Spire Downfall Mod Suffered Security Breach and Some Users May Be at Risk

tubemate

The developer of the popular user-made expansion Downfall for Slay the Spire announced that on Christmas day they suffered a security breach. 

According to the announcement, the developers’ Steam and Discord accounts have been hijacked, and while the breach has been contained relatively quickly, it had consequences.

Malicious actors managed to deploy their own malware on the PCs of some affected Slay the Spire users who played Downfall yesterday. 

Here’s a list of cases that may help you find out if you’re affected:

  • If you did not launch Downfall yesterday, you’re clear.
  • If you got an automatic update for Downfall yesterday but did NOT launch, you’re clear.
  • If you launched Downfall via the Steam Workshop (meaning you actually launched Slay the Spire), you’re clear.
  • If you did launch Downfall yesterday and succeeded and everything looked normal, you’re clear.
  • If you did launch Downfall yesterday and saw a command-prompt like screen, that starting spitting out a bunch of text, you’re in the clear. That was actually just the Java log which we usually keep hidden, but accidentally left visible when we restored the game.
  • If you did launch Downfall yesterday and got a ‘no .exe found’ type of error, you’re clear. That was us exploding the game to prevent anyone else from being affected.
  • f you did launch Downfall yesterday and got a Unity library installer popup, please continue to read. You may be also at risk.

If you are affected, but had an antivirus software active, it may not have managed to stop the malware from executing but may have managed to block it from sending the data it stole. 

Specifically, the payload attempted to scrape passwords from browsers, Discord, and a few other applications: Windows local login, Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, Vivaldi, Telegram, Discord, and files that might contain the word ‘password’ (if ‘password’ is in the filename).

Those who saw the Unity popup are encouraged to change important passwords, especially if not protected by two-factor authentication. A wipe of the drives affected is also something the developers advise for those who want peace of mind. More information on the behavior of the malware can be found in the official announcement. 

The creator of the mod Michael Mayhem apologized to those affected and mentioned that now Downfall is safe to download and play again. 

Slay the Spire is a roguelike deck-building game available for PC, Switch, iOS, Android, PS4, and Xbox One, albeit, of course, only the PC version is affected by today’s news. 

If you’d like to learn more about the game, you can read our review, which awarded it with a 9.5 out of 10. 

Related Posts

Nothing Phone 2A Arrives to MWC 2024 Ahead of March 5 Reveal

The Nothing Phone 2A is making a late arrival to Mobile World Congress in Barcelona, unveiling its full design while saving the rest of its details for a March 5 reveal event. The phone arrived to the convention floor on Tuesday and was followed Wednesday with an unboxing video posted to Nothing’s YouTube channel. The […]

Se7en getting 4K remaster with a special box edition

David Fincher’s iconic thriller Se7en is finally getting a 4K remaster, and what’s more – it’s also getting a glorious box edition. Fans of the iconic thriller – which created an early meme around its spectacular climax – will be delighted with both the 4K remaster and its actual “What’s in the Box” Edition. Warner […]

Sonic Superstars Switch gameplay

Gameplay has been released specifically for the Switch version of Sonic Superstars. A half hour of footage is now available. Here’s the official eShop description with more details about the title: Adventure through the mystical Northstar Islands in this all-new take on classic 2D Sonic high-speed action platforming. Play as Sonic, Tails, Knuckles, and Amy and […]