• Rentlar
    link
    fedilink
    1411 months ago

    The app affected is the prepackaged version of the Downfall Mod with Slay the Spire, not the Steam Workshop version, apparently. (I have the Downfall mod but didn’t know the pre-packaged version was a thing!)

    “The breach window was roughly 1:30 PM-2:30 PM Eastern (1830-1930 UTC+0) on 12/25. If you did launch Downfall on 12/25 during the breach window and got a Unity library installer popup, please continue to read. You may be also at risk. The security breach allowed a malicious upload to replace the Downfall packaged game,” Mayhem said in a statement published on Wednesday.

  • SadSadSatellite
    link
    fedilink
    911 months ago

    Shit, I don’t remember if I downloaded that or not. I think I was trying to beat the hell out of vanilla first.

    • FlumPHP
      link
      fedilink
      1211 months ago

      Make sure you check the statement. You’d have to have launched the mod in a specific way during a specific time window

  • @gibmiser
    link
    411 months ago

    Man I have been clear of any real issues for a long time, this one has my anxiety spiking as someone who installed a lot of steam games…

    • @money_loo
      link
      -811 months ago

      Use 2fa and you should be fine.

      • @Reddfugee42
        link
        1211 months ago

        That has nothing to do with this situation tho

        • @money_loo
          link
          311 months ago

          Shit, my bad. Classic case of “rtfa”.

  • Nik282000
    link
    fedilink
    011 months ago

    I love Steam and wouldn’t lay the blame for this on them but this is why you need to use trusted software sources and isolate machines that use less trustable software.

      • Nik282000
        link
        fedilink
        311 months ago

        Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

        The publisher got pwnd and the malware got pushed out over Steam. No different from someone publishing a malicious game directly.