Game mod on Steam breached to push password-stealing malware

The fan expansion of indie strategy game Slay the Spire, Downfall, was breached on Christmas Day, targeting users with Epsilon malware through the Steam update system. The attackers hijacked the mod’s Steam account to disseminate the malware, which collects passwords, credit card details, and authentication cookies. Downfall users are advised to change all vital passwords. The suspected threat actor behind the attack may have also targeted other games and game developers.