Malicious gift: Christmas mod for Steam game hides Epsilon Information Stealer.

January 1, 2024
1 min read

Over Christmas, attackers gained access to the Downfall developer’s Steam account and compromised game downloads with a piece of malware called Epsilon Information Stealer. The malware was distributed through a mod on Steam for the indie game Slay the Spire. It infected the prepackaged standalone modified version of the mod, not the mod installed via Steam Workshop. The malware can steal passwords from internet browsers, cookies, Discord, Steam, and Telegram. The developer of Downfall recommends that affected users change their passwords and ensure their live protection is active. It’s important to use two-factor authentication for added security. This incident highlights the rise in information-stealing malware being spread through game community mods.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and