Duet Night Abyss Players Hit by Malware in Latest Security Breach

On March 18, the free‑to‑play gacha RPG Duet Night Abyss suffered a serious security incident that infected hundreds of players’ computers with a malicious Trojan. The attack was delivered through an update pushed to the game’s launcher, raising immediate concerns about the safety of the game’s community and the integrity of its digital distribution platform.

What Happened?

Players began reporting strange behaviour in the days following the launch of the March 18 update. Those who had up‑to‑date antivirus software detected a threat named Trojan:MSIL/UmbralStealer.DG!MTB. The malware is an infostealer that records keystrokes, captures screenshots, and harvests sensitive data such as passwords and cryptocurrency wallet information. Because the Trojan is relatively old, most modern security suites were able to quarantine it before it could cause lasting damage.

How the Malware Spreads

The malicious code was embedded in a patch that users downloaded automatically through the Duet Night Abyss launcher. The patch went live on Steam at 7:39 am UTC on March 18. Once the launcher updated, the Trojan executed in the background, silently collecting data before the user even noticed. The attack was not limited to a single file; it spread through the launcher’s update mechanism, allowing the developers to push the malware to a large number of players in a single action.

What Players Should Do

If you play Duet Night Abyss or have installed the game’s launcher, follow these steps immediately:

• Run a full system scan with a reputable antivirus or anti‑malware program.
• Update your operating system and all installed software to the latest security patches.
• Change all passwords that might have been used on the infected machine, especially those related to gaming accounts and cryptocurrency wallets.
• Enable two‑factor authentication on all accounts where it is available.
• Uninstall the game and launcher, then reinstall from a fresh download on the official Steam page.
• Monitor your bank and crypto accounts for any unauthorized activity.

Company Response and Future Safeguards

Pan Studio and publisher Hero Games issued an apology on the game’s X account, acknowledging the breach and condemning the malicious activity. They announced that several “security enhancements” have been implemented to prevent future incidents. As a gesture of goodwill, affected players will receive a reward package that includes five copies of Commission Manual: Volume III and ten free random skins, known as Prismatic Hourglass.

However, the incident is not the first of its kind. In