Official Game Installs Malware
Why It Matters
The attack shows how easily open-source proof-of-concept code can be weaponized, exposing millions of gamers to credential theft and highlighting critical gaps in game-industry cybersecurity.
Key Takeaways
- Supply-chain attack infected popular game “Do at Night Abyss”
- UmbrellaStealer malware exfiltrates cookies directly via Discord webhooks
- Open-source stealer code on GitHub enabled criminal repurposing
- Windows Defender may detect UmbrellaStealer but can be bypassed
- Gamers’ habit of downloading mods heightens malware risk
Summary
The video warns that the indie title “Do at Night Abyss” was compromised in a supply-chain attack, delivering the UmbrellaStealer info‑stealer to unsuspecting players. The breach did not require any user click; the malicious payload was bundled with the game’s installer.
UmbrellaStealer harvests browser cookies, saved passwords and other credentials, then ships the data to a Discord webhook. The malware is a lightweight C‑written stealer openly hosted on GitHub as an “educational” project, which criminals have repurposed for real theft. Windows Defender now flags it as “Trojan:ML/UmbrellaStealer,” though evasion remains trivial.
The developer’s response, labeling the incident an “irregular login” and offering loot boxes, was widely criticized as inadequate, especially after victims lost up to $10,000 in crypto. The video cites similar supply-chain incidents, such as a Call of Duty RCE and the Hidden Tear ransomware proof‑of‑concept turned real threat.
The episode underscores the urgent need for game publishers to adopt robust software supply-chain security and for users to treat any downloaded executable as a potential vector. Immediate password resets, credential monitoring, and layered endpoint protection are essential to mitigate the fallout and restore trust in the gaming ecosystem.
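Because the stealer described above ships its data to a Discord webhook, outbound POSTs to webhook URLs from processes that have no reason to call them are a practical hunting signal. The following is an added example, not code from the video or from any project it mentions; it assumes JSON-lines proxy or EDR records with hypothetical fields `image`, `method`, `url` and `bytes_out`, full URLs visible through TLS inspection or endpoint telemetry, and a hypothetical allowlist entry.

```python
import json
import re
from urllib.parse import urlsplit

# Webhook execution path: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api(?:/v\d+)?/webhooks/(\d+)/[\w-]+")
DISCORD_HOSTS = ("discord.com", "discordapp.com")
# Assumption: processes allowed to call webhooks here (hypothetical CI notifier).
ALLOWED_IMAGES = {r"c:\tools\ci-notify.exe"}

def is_discord_host(host):
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in DISCORD_HOSTS)

def find_webhook_posts(log_lines):
    """Return one finding per POST to a Discord webhook from a non-allowlisted process."""
    findings = []
    for line in log_lines:
        try:
            ev = json.loads(line)
            url = urlsplit(ev.get("url", ""))
        except (ValueError, AttributeError):
            continue  # skip malformed records instead of aborting the hunt
        m = WEBHOOK_PATH.match(url.path)
        if ev.get("method") != "POST" or not m or not is_discord_host(url.hostname):
            continue
        if ev.get("image", "").lower() in ALLOWED_IMAGES:
            continue
        findings.append({
            "image": ev.get("image"),
            "webhook_id": m.group(1),  # the token is a credential: keep it out of alerts
            "bytes_out": ev.get("bytes_out", 0),
        })
    return findings

# Constructed sample records, not taken from a real incident.
WH = "/api/webhooks/111111111111111111/CONSTRUCTED-TOKEN"
SAMPLE = [json.dumps(r) for r in [
    {"image": r"C:\Users\a\AppData\Local\Temp\upd.exe", "method": "POST",
     "url": "https://discord.com" + WH, "bytes_out": 48211},
    {"image": r"C:\Users\a\AppData\Local\Discord\Discord.exe", "method": "GET",
     "url": "https://discord.com/api/v9/users/@me", "bytes_out": 310},
    {"image": r"C:\Tools\ci-notify.exe", "method": "POST",
     "url": "https://discord.com" + WH, "bytes_out": 512},
    {"image": r"C:\Games\launcher\helper.exe", "method": "POST", "bytes_out": 90233,
     "url": "https://canary.discord.com/api/v10/webhooks/222222222222222222/X-y_1"},
    {"image": r"C:\Temp\a.exe", "method": "POST",
     "url": "https://discord.com.example.net" + WH, "bytes_out": 7000},
]] + ["truncated {record"]
```

On the constructed sample, `find_webhook_posts(SAMPLE)` reports the two unexpected posters and ignores the ordinary Discord client request, the allowlisted notifier, the lookalike hostname and the malformed line.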