US-based game publisher 2K recently disclosed that an attack against its help desk might’ve jeopardized their customers’ security. Attackers compromised its support platform and targeted customers with phony tickets injected with the Redline information-stealing malware.
Yesterday, 2K customers started to receive email notifications of support tickets opened on their behalf. Although the tickets were indeed created on the targeted accounts, most users said they were not the ones who opened them.
Shortly after the initial notice, users received a follow-up email as a ticket reply from a fake 2K support agent called “Prince K.” The second email comprised a generic confirmation message and an archive attachment named “2K Launcher.zip.”
“The unauthorized party sent a communication to certain players containing a malicious link,” reads a 2K Support announcement. “Please do not open any emails or click on any links that you receive from the 2K Games support account.”
The archive hosted a poorly spoofed “2K Launcher” executable. A closer look at the file’s properties showed several inconsistencies, such as a file description of “5K Player,” an original filename of “Plumy,” and the lack of a digital signature, according to Bleeping Computer.
Further analysis of the file revealed that the executable was laced with Redline info-stealing malware. Redline is a widespread malware strain used to steal data from compromised systems, including browser cookies, saved browser passwords, browser history, crypto wallets, VPN passwords and credit card details.
2K’s announcement included a list of recommendations for users who might’ve been compromised after accessing the malicious links:
After the attack, 2K took the support platform offline to investigate the incident and assess the damages.
"We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow-up with additional information as to how you can best protect yourself against any malicious activity,” the company announcement reads.
Dedicated software solutions like Bitdefender Ultimate Security can protect you against cyberthreats with an extensive array of features, including: