News Steam game mod delivered malware on Christmas Day - Epsilon Information Stealer was hidden in a Slay the Spire expansion

[Admin]

The Downfall developer's hacked Steam account was used to change the mod installation file and embed 'Epsilon Information Stealer' in an attempt to get passwords and cookies from unsuspecting gamers.

Steam game mod delivered malware on Christmas Day - Epsilon Information Stealer was hidden in a Slay the Spire expansion : Read more

 

[ezst036]

Would this affect both Windows and Linux? I honestly do not know.

 

[MiniITXEconomy]

"It's always a good idea to use two-factor authentication," especially when Valve doesn't give two figs if your account is compromised, or not, they'll perma-ban it if they catch ANYONE doing shady crap with it. Enabling that should've been something you did, yesterday.

sigh we give these store fronts entirely too much power.

 

[Sleepy_Hollowed]

I don't have a store on their system, but I'm amazed they don't have an option of proactive scanning for malware.

I'm almost certain they don't because the big 3 of cloud don't have that option on their storage that you can just switch on (they have a tutorial for you deploying your own with ClamAV of all things which is hard to configure).

I'm guessing that if you use an OS for gaming, you might not want to put valuable data there and treat it as a dumb console, and it's a nice use case for the game wallets using a safe transfer method.

 

[USAFRet]

but I'm amazed they don't have an option of proactive scanning for malware.

They almost certainly do.

But no identification, detection, eradication, prevention is 100% correct, all the time.
Unfortunately, things do slip through.

 

[z0d]

First time I've heard of this, been gaming in Steam for 15 yrs now.

 

[punkncat]

I will happily admit a sense of relief that more downloads weren't compromised. With the sales that Steam and other launchers have been running, I have downloaded more in this December past than many years prior.

 

[Heat_Fan89]

This is the reason why I don't save my credit card info with Steam, Epic or with Sony and Nintendo. I also don't use a Microsoft sign in with my gaming rigs.