Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.
The app affected is the prepackaged version of the Downfall Mod with Slay the Spire, not the Steam Workshop version, apparently. (I have the Downfall mod but didn’t know the pre-packaged version was a thing!)
“The breach window was roughly 1:30 PM-2:30 PM Eastern (1830-1930 UTC+0) on 12/25. If you did launch Downfall on 12/25 during the breach window and got a Unity library installer popup, please continue to read. You may be also at risk. The security breach allowed a malicious upload to replace the Downfall packaged game,” Mayhem said in a statement published on Wednesday.
The app affected is the prepackaged version of the Downfall Mod with Slay the Spire, not the Steam Workshop version, apparently. (I have the Downfall mod but didn’t know the pre-packaged version was a thing!)