Hackers Injected Malware Into A Popular Game Mod On Steam, What You Need To Know

Downfall, a standalone steam mod for the popular Slay the Spire game, got hit with a security breach on Christmas day. An attacker replaced the legitimate game download with a malicious one, which was available to users on Steam’s library for roughly an hour. However, the mod’s developer is now back in control and the game is once again safe to download.

According to the statement released by the developer regarding the breach, “our Steam and Discord accounts were hijacked, and though the Steam accounts were able to be recovered late in the evening, we were limited in our ability to warn or communicate immediately following the breach. Fortunately, we were able to contain the actual breach much more quickly than the amount of time it took to recover the accounts.”

The developer also shared some details regarding the malicious software and what it attempts to do when installed on a system. It appears as if the main aim is to steal user credentials, namely from web browsers along with applications such as Discord. Even files with a name associated with the word password are a target.


To try and put users’ minds at ease the developer shared some of the steps taken to ensure this type of event doesn’t happen again. They state that “we purged the affected hardware that was breached completely, a full hard drive wipe. We've also added additional security and are in the process of transferring ownership of Downfall to a dedicated Steam account that solely is responsible for uploading to it and is never used or logged in for any other purpose.”

Unfortunately, this won’t be the last time this type of breach occurs. Malicious actors are always looking for ways to compromise systems, and mod developers probably look like easy targets. Hopefully Valve can figure out a way to help developers better secure their projects.