2K Games helpdesk hacked to spread malware to players

The helpdesk platform of popular publisher 2K Games has been hacked in an attempt to spread malware among gamers, the company has confirmed. 

In a tweet, 2K Games said it recently discovered that hackers managed to “illegally access” the credentials of one of its vendors to the helpdesk platform. 

“The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account,” the company warned.

Setting up MFA

The attackers would first open up a fake support ticket, and soon after, reply to it. In the reply message, they’d share a file named “2K Launcher.zip”, inviting the players to run it on their endpoints. The file turned out to be RedLine Stealer, a known infostealer that’s capable of, among other things, grabbing passwords stored in the browser, stealing banking data, as well as cryptocurrency wallets. Furthermore, RedLine can grab VPN credentials, web browser history, and cookies. 

Knowing the type of malware the threat actor set out to distribute, 2K advised potential victims to reset all passwords stored in the browser, enable multi-factor authentication wherever possible (with an app, rather than via SMS), install an antivirus program, and check the email accounts for any forwarding rules.

In the meantime, 2K took its support portal offline as it thoroughly investigates the incident. 

“We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow-up with additional information as to how you can best protect yourself against any malicious activity,” 2K said.

At the moment, it is not known who the threat actors behind the attack are, but BleepingComputer speculates it could be the same group that recently broke into Rockstar Games – Lapsus$.  

“Both companies are subsidiaries of Take-Two Interactive, one of the largest video game publishers across the Americas and Europe,” it said.

Via: BleepingComputer

Go to Source
Author: