BleepingComputer reports that the well-received indie strategy game "Slay the Spire" had its fan-made expansion dubbed "Downfall" compromised on Christmas to distribute the Epsilon information-stealing malware.
Installation of the Epsilon infostealer enabled exfiltration of browser-stored data, including passwords, credit cards, and cookies, as well as information from Steam and Discord. The malware, which has usually been leveraged to target Discord gamers, also scours for files with "password" in their filenames and for other credentials in Telegram and the local Windows login.
Developer Michael Mayhem said that security systems were not able to detect one of the impacted devices.
"This has led us to believe it was a token hijack instead (as suggested to us by a security professional), designed specifically to hijack Steam and use it to upload and Discord to prevent warning users, but that at the moment is just speculation," said Mayhem.
Immediate password changes have been recommended for all Downfall users.
The malware compromise, which was identified only in late September, has impacted login information, names, phone numbers, emails, shipping and billing addresses, and payment card details with CVV codes and expiration dates belonging to individuals who had visited the SelectBlinds website's check-out page.
Attacks involving Winos4.0 commence with the retrieval of a bogus BMP file and the eventual extraction of the "you.dll" file, which downloads additional files to facilitate the installation of API-loading shellcode and the launching of a DLL file that facilitates crash restarts, clipboard content recording, system information gathering, and crypto wallet extension and antivirus app monitoring.