Popular Slay The Spire mod Downfall was hijacked to spread malware through Steam

Slay The Spire mod Downfall suffered a “security breach” on Christmas day which allowed hackers to distribute malware through Steam, the builders of the mod say. The malware makes an attempt to steal customers’ passwords from their web browser, in addition to passwords for messaging providers Telegram and Discord.
Affected customers would have seen a “Unity library installer popup” upon launching Downfall throughout the hijack. The hack was reversed as of round 1:40pm ET (6:40pm GMT) on December 25th, according to the announcement.
“Most Antiviruses seem to have not stopped the malware specifically from executing, but do stop its payload from being sent across the internet. This means you aren’t automatically damaged by the attack,” say the builders.
“The payload it tries to scrape and generate involves passwords, specifically from your browsers, Discord, and a few other applications: Windows local login, Google Chrome, Yandex, Microsoft Edge, Mozilla Firefox, Brave, Vivaldi, Telegram, Discord, and files that might contain the word ‘password’ (if ‘password’ is in the filename).”
Users have reported information created by the malware showing in numerous places on their exhausting drives, a few of that are included within the announcement. The builders suggest solely investigating suspicious information whereas disconnected from the web. Those who noticed the Unity popup must also change “important passwords, particularly ones that are not set up for 2FA (2-factor authentification).”
Downfall is a large, widespread Slay The Spire mod that provides new playable characters, a brand new mode, and extra. Its builders have since began work on Tales & Tactics, a standalone auto-battling Chess roguelike.