Proprietary 2024-02-15 · 1 day ·Credential Theft, Data Theft

Bean Battles Steam update carried trojan

A compromised Bean Battles Steam account reportedly pushed a February 2024 update that installed a trojan and targeted Steam and Discord accounts.

Story

Bean Battles is a small Steam game, and the public evidence is thinner than for Downfall or Traffic. The useful signal is consistent: Steam community and subreddit posts on February 15, 2024 warned that the developer's Steam account had been hacked and that a new update was malware.

The reported payload was described by players as a trojan or Epsilon Stealer. Community reports said the malware triggered when the game was run, hijacked Steam and Discord accounts, and led victims to treat saved browser credentials as exposed.

A later Steam discussion comment quoted the Bean Battles Discord saying the game was safe again on February 16, 2024, after users were told to fully uninstall before reinstalling. This record is included because the attack path matches our scope: the official Steam update channel for a real game appears to have delivered the payload.

The uncertainty stays explicit. This is not modeled with the same confidence as incidents backed by vendor advisories or malware writeups, but it is still useful evidence for the pattern of compromised game distribution accounts turning a normal update into credential-stealing code.

Affected Artifacts

app/765410

steam · store.steampowered.com · Binary Archive
Observed
2024-02-15 to 2024-02-16
Compromised Versions
Unknown
Fixed
Not listed
Evidence
distribution: store.steampowered.com/app/765410/Bean_Battles, mirror: steamcommunity.com/app/765410/discussions/0/6407003171824424754, malware: Epsilon Stealer, observable: Community reports said the malicious update hijacked Steam and Discord accounts after the game was run.
  • This record relies on community evidence rather than a formal vendor or security report; the compromised Steam update path is the part most directly supported by the available sources.

Incident Context

Motive
Credential Theft
Cause
Compromised Account Credentials
Transitive
No

External References

Source record: proprietary/bean-battles/meta.yaml