Gacha Game Apologizes For Giving Players Malware With Some Free Loot Boxes

The team behind Duet Night Abyss, a free-to-play gacha RPG from developer Pan Studio and publisher Hero Games, has apologised for a “cybersecurity incident” that occurred last night, on March 18, which resulted in countless players’ PCs becoming infected with malware. According to Duet Night Abyss’ official statement, the “malicious attack” was spread through an update via the game’s launcher.

The issue was spotted by players roughly 24 hours ago and, according to those who were lucky enough to have it quarantined by their anti-virus software, the malware in question is called “Trojan:MSIL/UmbralStealer.DG!MTB.” I’ve done a bit of light research on the Trojan, and it’s a nasty one. However, it’s also quite old by the looks of it, which means that it was easily identifiable by users’ anti-virus programs.

“Umbral Stealer” is an infostealer virus that can record keystrokes and take screenshots. In basic terms, it attempts to harvest sensitive information from the machines it infects, as it’s primarily geared towards stealing users’ passwords and cryptocurrency. The virus was distributed via a patch to Duet Night Abyss’ launcher, which went live on Steam at 7:39 am UTC on March 18.

“Even after the initial breach, persistent attempts to continue the attack and spread misinformation have occurred. We strongly condemn these actions. As security is a vital pillar of a live product, this incident has served as a serious wake-up call for our team,” reads the statement shared on Duet Night Abyss’ X account. The statement also says that players will be rewarded with “Commission Manual: Volume III*5, Prismatic Hourglass*10” as a way of further apology, which apparently amounts to ten free random skins.

While the team also stated that several “security enhancements” have been implemented to stop further attacks in the future, fans don’t seem too convinced. That’s likely because this is actually the second time that Duet Night Abyss has been compromised in the last month, as another malware attack was distributed through the launcher in late February. However, the last attack was far less malicious, seemingly designed more as a warning to the developers, and simply instructed players to play Genshin Impact instead.