2 min read

Compromised 2K Games Help Desk Used to Target Players with Malware

Vlad CONSTANTINESCU

September 21, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Compromised 2K Games Help Desk Used to Target Players with Malware

US-based game publisher 2K recently disclosed that an attack against its help desk might’ve jeopardized their customers’ security. Attackers compromised its support platform and targeted customers with phony tickets injected with the Redline information-stealing malware.

Yesterday, 2K customers started to receive email notifications of support tickets opened on their behalf. Although the tickets were indeed created on the targeted accounts, most users said they were not the ones who opened them.

Shortly after the initial notice, users received a follow-up email as a ticket reply from a fake 2K support agent called “Prince K.” The second email comprised a generic confirmation message and an archive attachment named  “2K Launcher.zip.”

“The unauthorized party sent a communication to certain players containing a malicious link,” reads a 2K Support announcement. “Please do not open any emails or click on any links that you receive from the 2K Games support account.”

The archive hosted a poorly spoofed “2K Launcher” executable. A closer look at the file’s properties showed several inconsistencies, such as a file description of “5K Player,” an original filename of “Plumy,” and the lack of a digital signature, according to Bleeping Computer.

Further analysis of the file revealed that the executable was laced with Redline info-stealing malware. Redline is a widespread malware strain used to steal data from compromised systems, including browser cookies, saved browser passwords, browser history, crypto wallets, VPN passwords and credit card details.

2K’s announcement included a list of recommendations for users who might’ve been compromised after accessing the malicious links:

  • Enable multi-factor authentication (MFA) whenever possible, especially for sensitive accounts (online banking accounts, email)
  • Avoid using text-based MFA, as it could be subject to SIM-swapping attacks; choose authenticator apps instead
  • Reset account passwords stored within your web browser
  • Check if any forwarding rules have been added or modified on your email accounts
  • Install and use trustworthy security software

After the attack, 2K took the support platform offline to investigate the incident and assess the damages.

"We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow-up with additional information as to how you can best protect yourself against any malicious activity,” the company announcement reads.


Dedicated software solutions like Bitdefender Ultimate Security can protect you against cyberthreats with an extensive array of features, including:

  • All-around real-time protection against worms, Trojans, viruses, ransomware, rootkits, zero-days, and other e-threats
  • Network monitor that accurately detects and repels threats
  • Advanced threat defense module that closely monitors active apps and prevents infections instantly upon detecting suspicious activity
  • Breach monitor that scans public and Dark Web sources and notifies you if your data has been leaked in a breach

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142 Authorities Dismantle iSpoof Criminal Phone Spoofing Operation, Arresting 142
Vlad CONSTANTINESCU

November 25, 2022

1 min read
975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud 975 Arrested by Interpol Over Phishing, Romance Scams, Sextortion and Investment Fraud
Filip TRUȚĂ

November 25, 2022

2 min read
How SIM Swapping Attacks Work and How to Protect Yourself How SIM Swapping Attacks Work and How to Protect Yourself
Filip TRUȚĂ

November 25, 2022

3 min read