Players of the free-to-play gacha title Duet Night Abyss may have noticed their computer's security software triggering warnings after installing the most recent patch just a few evenings back. If no alerts appeared, running a security check is advisable. The game's creators have acknowledged that cybercriminals compromised the launcher, embedding keylogger malware within it.
Community members shared Windows Defender notifications on the Duet Night Abyss subreddit on March 18, revealing the detection of the Umbral Stealer trojan after the update. The studio verified the security breach, releasing records of early warnings, corrective actions taken, and plans to enhance protections moving ahead.
Concluding their announcement, the team noted that players would receive five copies of Commission Manual: Volume III and ten Prismatic Hourglasses, items that according to Kotaku translate to ten randomized character skins. While this gesture provides some incentive, it offers little solace for those potentially facing stolen personal data, such as banking details captured by the keylogger.
Duet Night Abyss, a mobile-style gacha experience akin to Genshin Impact, supports Windows, Android, and iOS platforms and has attracted over one million sign-ups since its release in the closing months of last year. This marks the second such intrusion for the title, following an earlier breach weeks prior when an intruder accessed the update mechanism to highlight Pan Games' obsolete safeguards and include some pointed critiques, without distributing harmful code.
The game can be accessed through Steam for download and play, though the recent compromise focused on its independent update tool and launcher. Nonetheless, Steam has emerged as a prime vector for threats in the PC gaming space, where millions authenticate and acquire titles daily, with free-to-play and early-access offerings posing particular risks for malware distribution.