Summary
A popularSlay the Spiremod calledDownfallhas been recently hacked, spreading malware to players via Steam. Released back in 2017,Slay the Spireis anexcellent deck-builder gamewith a large player base and several mods, and this security breach could have impacted any those who playedDownfall.
Downfallis often considered one ofthe bestSlay the Spiremods. This full-featured campaign was released as a “free expansion” on Steam two years ago, and it includes an alternative campaign, as well as seven new characters and fresh content for hardcore players.
Now, the creators of theDownfallmodrevealed via a Steam postthat their project suffered a security breach during Christmas. At the time, someone uploaded a malicious file to the mod, which stayed active for around an hour. Members of the team had their Steam and Discord accounts hijacked, which limited their ability to warn the community quickly. If a player opened the infectedSlay the Spiremod, they would see a Unity library popup. The malware would try to steal the user’s passwords from their internet browser or services such as Discord and Telegram.
According to the mod’s creators, most antivirus programs would not prevent the malware from being executed, but would also not allow the information with the passwords to be sent to the hackers. Users who saw the popup are recommended to change all their passwords, set up two-factor authentication, and avoid clicking on the malicious files while they are connected to the internet. Players who were not affected by the issue do not need to worry anymore, though, asDownfallhas already been patched and is clean again.
Due to problems similar to this one,Valve improved Steam’s securityback in October by implementing a new authentication system. By requiring creators to always use two-factor authentication, Valve aimed to make it less likely that they would be hacked, and this could prevent more cases of malicious updates. It’s not clear how the hackers circumvented this to hack the accounts of the mod makers, though.
Unfortunately, hacks such as this one often happen in the gaming world, especially in projects like mods due to their lack of security and often being developed by large groups of people. Back in June,severalMinecraftmods were infected with malware, including entries such as Better Minecraft, Dungeons Arise, Sky Villages, Dunigeonz, Display Entity Editor, Haven Elytra, and others. The mods were fixed soon after the breach, but this did not stop the hackers from affecting some players as they did withSlay the Spire’s mod.
Slay the Spire
WHERE TO PLAY
We fused card games and roguelikes together to make the best single player deckbuilder we could. Craft a unique deck, encounter bizarre creatures, discover relics of immense power, and Slay the Spire!Choose your cards wisely! Discover hundreds of cards to add to your deck with each attempt at climbing the Spire. Select cards that work together to efficiently dispatch foes and reach the topWhenever you embark on a journey up the Spire, the layout differs each time. Choose a risky or safe path, face different enemies, choose different cards, discover different relics, and even fight different bosses!Powerful items known as relics can be found throughout the Spire. The effects of these relics can greatly enhance your deck through powerful interactions. But beware, obtaining a relic may cost you more than just gold…
