BleepingComputer reports that the well-received indie strategy game “Slay the Spire” had its fan-made expansion dubbed “Downfall” compromised on Christmas to distribute the Epsilon information-stealing malware. Installation of Epsilon infostealer enabled exfiltration of browser-stored data, including passwords, credit cards, and cookies, as well as information from Steam and Discord.
Files with “password” in filenames and other credentials in Telegram and the local Windows login are also being scoured by the malware, which has been usually leveraged to target Discord gamers. Developer Michael Mayhem said that security systems were not able to detect one of the impacted devices.
“This has led us to believe it was a token hijack instead (as suggested to us by a security professional), designed specifically to hijack Steam and use it to upload and Discord to prevent warning users, but that at the moment is just speculation,” said Mayhem. Immediate password changes have been recommended for all Downfall users.