Gamers under fire: malware on official websites
Quote: Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.
 
Experienced gamers are well aware of the risks of downloading games, mods, skins, and other gaming software from unofficial sources. However, infections can also originate from platforms users typically trust — developer websites and official stores.

In this post, we review several cases where attackers distributed malware through official gaming resources. We also explain how to protect your system, loot, and account — so you can keep playing on your favorite platforms without any nasty surprises.

Infected Endgame Gear mouse-configuration tool

In July 2025, Endgame Gear, a manufacturer of advanced mice aimed at esports players and seasoned gamers, reported a malware infection in its OP1w 4k v2 mouse-config utility. The Trojan remained on the company’s official site for almost two weeks, from June 26 to July 9, 2025.

The official page for the Endgame Gear OP1w 4k v2 mouse hosted a malware-infected setup tool.

As a result, users who downloaded the utility from the product page during that period also received malware with it. Endgame Gear did not specify what the malicious payload was, but user-scan data suggests it was an XRed backdoor.

XRed offers a wide range of capabilities for remote control of infected systems. It includes a keylogger and enables attackers to access the command line, browse disks and folders, download and delete files, and take screenshots. XRed can also download additional modules and exfiltrate system data to remote servers.

It was gamers themselves who first noticed something was wrong with the OP1w 4k v2 configuration tool. They began discussing suspicious signs on Reddit nearly two weeks before Endgame Gear released an official statement. The key details that raised user suspicions were the size of the program — the infected version was 2.8MB instead of the usual 2.3MB — and the file signature, listed as “Synaptics Pointing Device Driver” instead of “Endgame Gear OP1w 4k v2 Configuration Tool”.

In its official statement on the incident, Endgame Gear clarified that users who downloaded the tool from the general downloads page (endgamegear.com/downloads), GitHub, or the company’s Discord channel are safe. The threat only affected gamers who downloaded software directly from the OP1w 4k v2 product page between June 26 and July 9, 2025. After that, the malware was removed from the company’s site.


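The two mismatches that Reddit users spotted, file size and the description string, can be checked on a downloaded installer before it is run. The Python sketch below is an added example, not part of the quoted article or any Endgame Gear tooling. It assumes the "file signature" mentioned in the post is the FileDescription string of the PE version resource; the 0.2 MB tolerance and the `_sample` data are constructed for illustration.

```python
import struct

# Reference values for the clean tool as quoted in the post (size is approximate).
EXPECTED_DESCRIPTION = "Endgame Gear OP1w 4k v2 Configuration Tool"
EXPECTED_SIZE_MB = 2.3
KEY = "FileDescription\0".encode("utf-16-le")

def file_description(data: bytes):
    """Return the FileDescription string from a PE version resource, or None."""
    pos = data.find(KEY)
    if pos < 6:
        return None
    start = pos - 6  # String header: wLength, wValueLength, wType (2 bytes each)
    _, value_len, value_type = struct.unpack_from("<HHH", data, start)
    if value_type != 1 or value_len == 0:  # 1 means a text value
        return None
    value_off = start + ((6 + len(KEY) + 3) & ~3)  # value is 32-bit aligned
    raw = data[value_off:value_off + 2 * value_len]
    return raw.decode("utf-16-le", errors="replace").split("\0", 1)[0]

def check_installer(data: bytes, expected_desc=EXPECTED_DESCRIPTION,
                    expected_mb=EXPECTED_SIZE_MB, tolerance_mb=0.2):
    """Return a list of mismatches; an empty list means both checks passed."""
    findings = []
    size_mb = len(data) / 1_000_000
    if abs(size_mb - expected_mb) > tolerance_mb:  # tolerance is an assumption
        findings.append(f"size {size_mb:.1f} MB, expected about {expected_mb} MB")
    desc = file_description(data)
    if desc != expected_desc:
        findings.append(f"FileDescription {desc!r}, expected {expected_desc!r}")
    return findings

def _sample(desc: str, total_size: int) -> bytes:
    """Constructed stand-in for an installer: one version String, zero-padded."""
    value = (desc + "\0").encode("utf-16-le")
    body = KEY + b"\0\0" + value  # two padding bytes align the value
    entry = struct.pack("<HHH", 6 + len(body), len(desc) + 1, 1) + body
    return entry.ljust(total_size, b"\0")

if __name__ == "__main__":
    suspicious = _sample("Synaptics Pointing Device Driver", 2_800_000)
    for finding in check_installer(suspicious):
        print("MISMATCH:", finding)
```

To check a real download, pass `open(path, "rb").read()` to `check_installer`. A passing result only means these two properties match; it does not show the file is clean.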