A couple of days ago, attackers gained access to the STEAM accounting developer Downloadfall and compromised the loading of games using malicious software Epsilon Information Stealer. Downfall is a free fan mod available in Steam for Indie Glass Slay The Spire.
The harmful program infected only a pre -packed autonomous modified version of downloadfall, and not the mod installed through Steam Workshop, and the loading from malicious software was available only for an hour before it was eliminated.
The Epsilon Information Stealer virus can be used to steal passwords by infected user from installed Internet browsers, Cook, Discord, Steam files and information stored in Telegram.
"One of our devices was infected with malicious software, which was not marked or blocked by a security system that we used on it. As far as it is known, it was not malicious software for stealing passwords, as two -factor authentication (2FA) does, without determining or stopping this, but all hacking accounts were under different email addresses, and not one of these addresses itself He was not stolen" – Downfall developer told Bleeping Computer, but then quickly added that they could not be sure until a professional assessment is conducted.
The developer published a message about this incident on Steam, recommending to players who saw the pop -up Unity window to change passwords, especially users without two -factor authentication, and added: they added:
“Any account should be configured and turned on for mobile two -factor authentication. You must also be sure that your online defense is active and run scanning. Although for complete calm, it is preferable to reset the settings and erase all the discs of infected equipment “.
The developer also said that they can be contacted through Discord if the victim user needs help. It is always useful to use a double authentication system to ensure security by default.
Epsilon Information Stealer is usually used for attacks using game community mods. Typically, Discord gamers are forced to set this malicious software, and the attacker pretends that loading is a complement or test assembly of the game, and they need help in searching for errors.
Recently, there has been an increase in the use of autonomous and third -party mods to spread malicious programs that steal information. For example, attackers previously preferred mods Minecraft for the deployment of malicious BLEEDING PIPE among nothing suspecting users.
Since October, Steam requires developers to use a SMS security system to prevent the loading of compromised files. It is interesting to see the final “Professional assessment of the investigation”, To find out how this whole path has passed "Epsilonian abductor of information".