Compromised 2K Games Help Desk Used to Target Players with Malware

US-based game publisher 2K recently disclosed that an attack against its help desk might’ve jeopardized their customers’ security. Attackers compromised its support platform and targeted customers with phony tickets injected with the Redline information-stealing malware.

Yesterday, 2K customers started to receive email notifications of support tickets opened on their behalf. Although the tickets were indeed created on the targeted accounts, most users said they were not the ones who opened them.

Shortly after the initial notice, users received a follow-up email as a ticket reply from a fake 2K support agent called “Prince K.” The second email comprised a generic confirmation message and an archive attachment named  “2K Launcher.zip.”

“The unauthorized party sent a communication to certain players containing a malicious link,” reads a 2K Support announcement. “Please do not open any emails or click on any links that you receive from the 2K Games support account.”

The archive hosted a poorly spoofed “2K Launcher” executable. A closer look at the file’s properties showed several inconsistencies, such as a file description of “5K Player,” an original filename of “Plumy,” and the lack of a digital signature, according to Bleeping Computer.

Further analysis of the file revealed that the executable was laced with Redline info-stealing malware. Redline is a widespread malware strain used to steal data from compromised systems, including browser cookies, saved browser passwords, browser history, crypto wallets, VPN passwords and credit card details.

2K’s announcement included a list of recommendations for users who might’ve been compromised after accessing the malicious links:

• Enable multi-factor authentication (MFA) whenever possible, especially for sensitive accounts (online banking accounts, email)
• Avoid using text-based MFA, as it could be subject to SIM-swapping attacks; choose authenticator apps instead
• Reset account passwords stored within your web browser
• Check if any forwarding rules have been added or modified on your email accounts
• Install and use trustworthy security software

After the attack, 2K took the support platform offline to investigate the incident and assess the damages.

"We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow-up with additional information as to how you can best protect yourself against any malicious activity,” the company announcement reads.

Dedicated software solutions like Bitdefender Ultimate Security can protect you against cyberthreats with an extensive array of features, including:

• All-around real-time protection against worms, Trojans, viruses, ransomware, rootkits, zero-days, and other e-threats
• Network monitor that accurately detects and repels threats
• Advanced threat defense module that closely monitors active apps and prevents infections instantly upon detecting suspicious activity
• Breach monitor that scans public and Dark Web sources and notifies you if your data has been leaked in a breach