Popular publisher 2K Games’ helpdesk platform was hacked to spread malware to players, the company has confirmed.
In a tweet, 2K Games said it recently discovered that hackers had managed to “illegally gain access to one of its helpdesk platform providers’ credentials.”
“The unauthorized party sent certain players a message with a malicious link. Please do not open emails or click on links received from the 2K Games support account,” the company warned.
Set up MFA
The attackers first opened a fake support ticket and responded to it shortly thereafter. In the reply message, they shared a file called “2K Launcher.zip” and invited players to run it on their endpoints. The file turned out to be RedLine Stealer, a well-known infostealer capable of stealing browser-saved passwords, banking information, and cryptocurrency wallets, among other things. In addition, RedLine can retrieve VPN credentials, web browser history, and cookies.
Knowing the type of malware the attacker was trying to distribute, 2K advised potential victims to reset all passwords stored in the browser, enable multi-factor authentication wherever possible (using an app instead of SMS), install an antivirus and, among other steps, check their e-mail accounts for forwarding rules.
In the meantime, 2K has taken its support portal offline to thoroughly investigate the incident.
“We will issue a notification when you can again interact with the official 2K Helpdesk emails, and we will also provide more information on how best to protect yourself from malicious activity,” 2K said.
At the moment, it is unknown who the threat actors behind the attack are. However, BleepingComputer speculates it could be the same group that recently broke into Rockstar Games: Lapsus$.
“Both companies are subsidiaries of Take-Two Interactive, one of the largest video game publishers in America and Europe,” it said.
Via: BleepingComputer
https://www.techradar.com/news/2k-games-helpdesk-hacked-to-spread-malware-to-players 2K Games helpdesk hacked to spread malware to players