PC gaming mouse ‘n’ keeb manufacturers Endgame Gear have admitted to and apologised for unknowingly spreading malware, after an infected version of the OP1w 4k v2’s Configuration Tool software was left available to download from their website.
After Reddit user Admirable-Raccoon597 raised the alarm, having installed the Configuration Tool and found the malware hiding inside, German tech site Igor’s Lab confirmed that the publically available application had been compromised for at least two weeks. Endgame Gear have since replaced the dirty software with an apparently safe version, and today shared a post admitting the oversight – though claimed no sensitive data was stolen via the server infrastructure that was hosting it.
“We became aware of this situation involving one of our product pages through online discussions,” the statement reads. “Following this, we initiated an internal review to better understand the circumstances and address any potential issues. A clean version of the affected file was immediately published as soon as we identified the situation.
“Importantly, access to our file servers was not compromised, and no customer data was accessible or affected on our servers at any time.”
The post adds that the company “sincerely regret this incident and deeply apologise for any concern or inconvenience it may have caused. For Endgame Gear, the security and trust of our customers are paramount. We are fully committed to continuously improving our security protocols to prevent such events from occurring again.”
The malware in question, Xred, is a particularly nasty strain: it’s a remote access trojan (RAT) that, if allowed to propagate through a PC system, would allow an attacker to take control and do all kinds of unsavoury things, from nicking passwords and spying through webcams to replacing RPS with PC Gamer in your browser bookmarks. Truly heinous stuff. Luckily it’s also known to Internet security suites, so most firewalls should pick it up – though Admirable-Raccoon597’s post doesn’t mention being warned before executing the infected software.
It’s also not terribly reassuring that Endgame Gear’s statement neglects to identify the breach that saw their innocuous mouse utility fouled by Xred in the first place. The company has at least implemented a variety of additional anti-malware measures, though without users knowing that the specific hole has been plugged, they may have some trouble earning back trust, even if no personal details were pinched from the hosting servers directly.
If you own an OP1w 4k v2 and downloaded its Configuration Tool between June 26th and July 9th, do follow the steps in Endgame Gear’s post to identify and remove any trojany files. Because, yeesh. The worst thing my mouse does to me is blink its lights for no reason, and that still runs me ragged; if it started letting crims seize control of my PC, one of my windows would spontaneously develop a visibly mouse-shaped hole.
