If we talk about video games we have to talk about Steam, the largest video game distribution platform in the world, and, although it is not the only one, it is the most popular and as is usually the In such cases, other people’s friends try to take advantage of this to spread malware.
This is the same problem that Windows faces, since it is the operating system with the largest market share in the world. By being present on more devices, the chances of reaching more victims are much greater than if they focused their activity on macOS or Linux.
In addition to video games, through Steam we can also download a large number of mods to personalize our gaming experience, mods that are usually created by the community and can be downloaded for free.
However, they are also a commonly used method by strangers, especially when distributed through third-party websites, where there is no type of control over the content available.
A common way to infect computers
A few days ago, a group of hackers accessed the servers where the Downfall mod is stored, a free mod for the title Kill the arrowone of the highest rated card games on Steam and created by an independent studio.
Strangers accessed the files of this mod and included malware identified as Epsilon Information Stealer. As we can deduce from the name of this mod, it is a tool responsible for stealing user information and passwords stored in any browser and applications such as Discord and Steam, among others.
Fortunately, the developers of this mod quickly realized that something was not working correctly and the mod with this malware was only available for one hour approximately. This developer also specifies that if as soon as you open Steam, a Unity pop-up window appears, the password should be changed, as long as the account does not have two-factor authentication enabled.
Steam provides developers with a large number of tools so that any company can distribute their titles through this platform, a platform that millions of users trust because it is the fastest and fastest way. safest to install games as well as we can do it from the developer’s servers.
However, Steam does not analyze the content of the available titles, a job that logically falls to its creator. Since last October, Steam has added a verification system to prevent anyone with access to a developer’s Steam login credentials from downloading files without their permission.
In this case, outsiders accessed the server the mod was on and modified it before it was uploaded for distribution via Steam. Luckily, as we mentioned above, this Slay the Spire mod was only available for 1 hour, so the number of people potentially affected It’s very smallsince, in addition, its distribution took place on Christmas Day.
