Gaming peripheral maker Endgame Gear has confirmed that attackers successfully compromised its official software distribution channel, using the company's OP1w 4K V2 mouse configuration tool to spread the Xred malware to unsuspecting customers for nearly two weeks.
The breach, which lasted from June 26 to July 9, 2025, is a troubling example of supply chain attacks targeting the gaming industry. The infected software was served directly from Endgame Gear's official product page, which made the threat particularly hard for users to detect.
The incident came to light when Reddit users in the MouseReview community reported suspicious behaviour after downloading the legitimate-looking configuration tool. User Admirable-Raccoon597, who first identified the compromise, noted that the infected file came "from the official vendor page" rather than from any third-party source.
Gaming Mouse Software Compromise
The payload was identified as Xred, a sophisticated Windows-based backdoor that has been circulating since at least 2019. This remote access trojan has extensive capabilities designed to compromise victim systems comprehensively.
Xred collects sensitive system information, including MAC addresses, usernames and computer names, and transmits it to the attackers over SMTP using email addresses hardcoded into the malware.
The malware's persistence mechanisms are particularly concerning. Once executed, Xred creates a hidden directory at C:\ProgramData\Synaptics and sets a Windows Registry Run key to maintain a permanent presence on infected systems. It masquerades as legitimate Synaptics trackpad driver software, making detection harder for users.
Beyond basic data theft, Xred includes keylogging functionality implemented through keyboard hooking, potentially capturing banking credentials and other sensitive information.
The malware also exhibits worm-like behaviour, spreading via USB drives by creating autorun.inf files and infecting Excel files with malicious VBA macros.
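As an added triage example (not from the article and not Endgame Gear's own code), the following PowerShell script checks a Windows host for the persistence and spread traits described above. It assumes the standard Run key locations; because the article does not name the Run value the malware creates, every Run value whose command points under ProgramData\Synaptics is flagged.

```powershell
# Added triage script: hunts for the Xred traits the article describes
# (hidden ProgramData\Synaptics directory, Run-key persistence, autorun.inf on
# removable media). Run as administrator to read HKLM and all profiles' drives.
$SuspectDir = Join-Path $env:ProgramData 'Synaptics'
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$Findings = @()

# 1. The hidden directory the backdoor creates (-Force lists hidden/system items).
if (Test-Path -LiteralPath $SuspectDir) {
    $Findings += "Directory present: $SuspectDir"
    Get-ChildItem -LiteralPath $SuspectDir -Force -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Record a SHA-256 so the sample can be compared against vendor/AV references later.
            $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $Findings += "  File: $($_.FullName)  SHA256=$h"
        }
}

# 2. Run-key values whose command line points into that directory.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSProvider metadata
        if ("$($p.Value)" -match 'ProgramData\\Synaptics') {
            $Findings += "Run value: $key\$($p.Name) -> $($p.Value)"
        }
    }
}

# 3. autorun.inf on removable drives (DriveType 2), the USB spread path described above.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $inf = Join-Path $_.DeviceID 'autorun.inf'
    if (Test-Path -LiteralPath $inf) { $Findings += "autorun.inf on removable drive: $inf" }
}

if ($Findings.Count -eq 0) { 'No Xred persistence indicators found.' } else { $Findings }
```

A hit is a lead, not a verdict: confirm the flagged files by hash and publisher signature before remediating, since the malware deliberately imitates a real driver vendor's name.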
Endgame Gear replaced the infected files with clean versions on July 17 without issuing public warnings or acknowledging the breach.
The company released an official security statement confirming the incident, stating that "access to our file servers was not compromised, and no customer data was accessible or affected on our servers at any time".
The manufacturer has since implemented several security improvements, including additional malware scanning procedures, strengthened anti-malware protection on its hosting servers, and plans to add digital signatures to all software files.