The creators of free-to-play gacha RPG Duet Night Abyss have publicly apologized for a "cybersecurity incident" that saw players' PCs infected with malware. The incident--which developer Pan Studio is calling a "malicious attack"--took place on March 18 and resulted in malware affecting an unknown number of players. Per a recent post from the official Duet Night Abyss X account, the malware was spread via an update patch for the game's launcher, which went live on Steam at 1:04 PT / 4:04 AM ET on March 18.
"First and foremost, we would like to express our deepest apologies for the cybersecurity incident that occurred yesterday," Pan Studio said in a post shared to both X and the game's Steam page. "Following the resolution of these temporary issues, we have conducted a full review and summary of the event."
Pan Studio's timeline says they became aware of the malware incident roughly 24 minutes after the launcher's update patch went live, and quickly began working on a fix, deploying an "emergency update" patch roughly two and a half hours after discovering the issue.
The virus in question is Trojan:MSIL/UmbralStealer.DG!MTB, an infostealer virus that can record keystrokes and webcam activity, take screenshots, and steal browser-stored credentials and cryptocurrency wallet information. It can also harvest session tokens from instant-messaging apps like Discord and Telegram, along with session tokens from popular games like Minecraft and Roblox.
"The root cause of this incident was a malicious attack originating from a specific region, targeting our internal office systems and live servers," Pan Studio explained. "Even after the initial breach, persistent attempts to continue the attack and spread misinformation have occurred. We strongly condemn these actions. As security is a vital pillar of a live product, this incident has served as a serious wake-up call for our team."
But the good news is that Umbral Stealer first appeared in 2023, which makes it quite old as far as Trojans go. This means that most players' antivirus software successfully quarantined the program as soon as it was detected. Naturally, the game's developers wanted to apologize to players for the security breach. In typical gacha game fashion, Pan Studio's apology will take the form of free gacha pulls.
Players can claim a total of 15 rewards:
To claim these items, players simply need to unlock the in-game Mail function and collect their rewards, which will be available to redeem until March 26 at 8:59 AM PT / 10:59 AM ET.
"The development team sincerely apologizes for the inconvenience and concern this incident has caused to players worldwide," the Pan Studio said. "We understand that apologies and compensation cannot immediately bridge the gap in trust; therefore, we humbly ask for your patience as we work to provide continuous, stable service to every player."
Source
"First and foremost, we would like to express our deepest apologies for the cybersecurity incident that occurred yesterday," Pan Studio said in a post shared to both X and the game's Steam page. "Following the resolution of these temporary issues, we have conducted a full review and summary of the event."
Pan Studio's timeline says they became aware of the malware incident roughly 24 minutes after the launcher's update patch went live, and quickly began working on a fix, deploying an "emergency update" patch roughly two and a half hours after discovering the issue.
The virus in question is Trojan:MSIL/UmbralStealer.DG!MTB, an infostealer virus that can record keystrokes and webcam activity, take screenshots, and steal browser-stored credentials and cryptocurrency wallet information. It can also harvest session tokens from instant-messaging apps like Discord and Telegram, along with session tokens from popular games like Minecraft and Roblox.
"The root cause of this incident was a malicious attack originating from a specific region, targeting our internal office systems and live servers," Pan Studio explained. "Even after the initial breach, persistent attempts to continue the attack and spread misinformation have occurred. We strongly condemn these actions. As security is a vital pillar of a live product, this incident has served as a serious wake-up call for our team."
But the good news is that Umbral Stealer first appeared in 2023, which makes it quite old as far as Trojans go. This means that most players' antivirus software successfully quarantined the program as soon as it was detected. Naturally, the game's developers wanted to apologize to players for the security breach. In typical gacha game fashion, Pan Studio's apology will take the form of free gacha pulls.
Players can claim a total of 15 rewards:
- 5 copies of Commission Manual: Volume III (used to boost rewards earned from "Covert Commissions" quests)
- 10 Prismatic Hourglasses (which equate to 10 free gacha pulls)
To claim these items, players simply need to unlock the in-game Mail function and collect their rewards, which will be available to redeem until March 26 at 8:59 AM PT / 10:59 AM ET.
"The development team sincerely apologizes for the inconvenience and concern this incident has caused to players worldwide," the Pan Studio said. "We understand that apologies and compensation cannot immediately bridge the gap in trust; therefore, we humbly ask for your patience as we work to provide continuous, stable service to every player."
Source