Gaming giant 2K Games has confirmed that the company’s help desk platform has been hacked in an attempt to spread malware among gamers.
2K Games said in a recent tweet that it had discovered that hackers “illegally” accessed the credentials of one of its suppliers for its helpdesk platform. The company warned, “The unauthorized party has sent a communication containing a malicious link to certain players. Please do not open any emails or click on any links you receive from the 2K Games support account.”
The attackers first open a fake support ticket and respond to it shortly after. In their response message, they share a file called “2K Launcher.zip”, inviting players to run it on their endpoints. The file was found to be RedLine Stealer, a known information stealer capable of intercepting passwords stored in the browser and stealing banking data and cryptocurrency wallets, among other things. RedLine can also retrieve VPN credentials, web browser history and cookies.
Having learned the type of malware this threat actor is planning to spread, 2K tells potential victims to reset all passwords stored in the browser, enable multi-factor authentication wherever possible (with an app instead of SMS), install an antivirus, and check their email accounts for any redirect rules. In addition, 2K took the support portal offline while it investigates the incident extensively.
“We will post a notification when you can continue to interact with official 2K helpdesk emails, and we will also follow up with additional information on how you can best protect yourself against any malicious activity,” 2K said.
It is currently unknown who the threat actors behind the attack are, but BleepingComputer speculates that it could be Lapsus$, the group that recently attacked Rockstar Games.