Game mod on Steam breached to push password-stealing malware

The fan expansion Downfall for the game Slay the Spire was breached on Christmas Day, pushing the Epsilon information stealer malware via the Steam update system. Developer Michael Mayhem revealed the breach compromised a standalone version of the game, not a mod via Steam Workshop, and may have involved a token hijack. Epsilon Stealer is an information-stealing malware that’s sold via Telegram and Discord, often targeting gamers.