Hackers Exploit Official Gaming Mouse Software to Spread Windows-based Xred Malware
Gaming peripheral manufacturer Endgame Gear has disclosed a security incident involving malware-infected software distributed through their official website, affecting users who downloaded the OP1w 4k v2 mouse configuration tool between June 26 and July 9, 2025.
The company has issued an urgent security advisory and implemented immediate remediation measures while the investigation into the breach continues.
Key Takeaways:
1. Endgame Gear’s OP1w 4k v2 mouse configuration tool was infected with malware between June 26 and July 9, 2025.
2. The breach was isolated to the OP1w 4k v2 product page, with no other products or customer data affected.
3. The company has implemented new security measures, including malware scanning and digital signatures for software.
4. Affected users should verify file integrity, delete suspicious files, and run antivirus scans.
Isolated Breach Affects Single Product Download
The security incident was limited to the OP1w 4k v2 wireless mouse configuration tool available on the product’s dedicated page at endgamegear.com.
During the two-week period, customers who downloaded the software unknowingly received a malware-infected version of the legitimate configuration tool.
The company emphasized that the breach was isolated to this single product page, with all other download sources remaining unaffected.
“This issue was isolated to the OP1w 4k v2 product page download only,” the company stated in their security notice.
Other official distribution channels, including the main downloads page, GitHub repository, and Discord channel, contained only clean files throughout the incident period.
No other Endgame Gear v2 products or their associated configuration tools were compromised.
The infected file differed from the legitimate version in both size and metadata.
While clean files measured approximately 2.3MB unzipped, the malware-infected versions were approximately 2.8MB.
Additionally, infected files incorrectly displayed “Synaptics Pointing Device Driver” as the product name in Windows file properties, rather than the correct “Endgame Gear OP1w 4k v2 Configuration Tool” designation.
Company Implements Comprehensive Security Overhaul
Following discovery of the incident through online user discussions, Endgame Gear immediately removed the compromised file and launched an internal investigation.
The company confirmed that their file servers were not directly compromised and no customer data was accessed or affected during the incident.
In response to the breach, Endgame Gear has implemented multiple security enhancements. Completed measures include additional malware scanning protocols for all files before and after server upload, along with reinforced anti-malware protections on hosting infrastructure.
The company is also consolidating all software downloads to their main downloads page, eliminating product-specific download locations that may present security vulnerabilities.
Additional security measures currently in development include SHA hash verification for all downloads, allowing users to confirm file integrity, and digital signatures for all software files to ensure authenticity.
These measures represent a comprehensive approach to preventing similar incidents in the future.
User Action Required for Potentially Affected Systems
Customers who downloaded the OP1w 4k v2 configuration tool during the affected timeframe should take immediate action to identify and remove potentially infected files:
- Verify file size: Check if your downloaded file is approximately 2.8MB unzipped (infected) versus 2.3MB (clean).
- Check file properties: Right-click the file, select Properties > Details tab, and confirm the product name shows “Endgame Gear OP1w 4k v2 Configuration Tool” rather than “Synaptics Pointing Device Driver.”
- Delete suspicious files: Immediately remove any files matching infected characteristics.
- Remove malware folders: Check for and delete the `C:\ProgramData\Synaptics` folder if present.
- Run an antivirus scan: Perform a full system scan to ensure complete malware removal.
- Download the clean version: Obtain the legitimate configuration tool from the official downloads page.
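As an added example (not code from Endgame Gear or from this article), the checks above collected into one PowerShell triage script that reports which of the advisory's indicators a downloaded copy matches, without deleting anything on its own; the `-Path` parameter, the 2.6 MB cut-off between the two stated sizes, and the Authenticode check are assumptions on top of the advisory.

```powershell
# Added triage script (not from Endgame Gear or the article). Checks an unzipped
# OP1w 4k v2 configuration tool against the indicators the advisory lists.
# Assumption: -Path points at the unzipped .exe that was downloaded.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)
$expectedName = 'Endgame Gear OP1w 4k v2 Configuration Tool'
$badName      = 'Synaptics Pointing Device Driver'
$dropFolder   = Join-Path $env:ProgramData 'Synaptics'   # C:\ProgramData\Synaptics on a default install
$findings     = @()
if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}
$item     = Get-Item -LiteralPath $Path
$sizeMB   = [math]::Round($item.Length / 1MB, 2)
$prodName = $item.VersionInfo.ProductName
# Indicator 1: size. Advisory: clean ~2.3 MB, infected ~2.8 MB. 2.6 MB cut-off is assumed.
if ($sizeMB -ge 2.6) {
    $findings += "Size is $sizeMB MB (infected build was ~2.8 MB; clean is ~2.3 MB)"
}
# Indicator 2: ProductName from the version resource (what Properties > Details shows).
if ($prodName -eq $badName) {
    $findings += "ProductName reads '$badName' instead of '$expectedName'"
} elseif ($prodName -ne $expectedName) {
    $findings += "ProductName is '$prodName' (unexpected; compare with the official download)"
}
# Indicator 3: the folder the advisory tells users to remove.
if (Test-Path -LiteralPath $dropFolder) {
    $findings += "Folder present: $dropFolder"
}
# Indicator 4 (assumed, not in the advisory): Authenticode status. Signed releases are
# still in development per the advisory, so an unsigned file is a note, not proof.
$sig = Get-AuthenticodeSignature -FilePath $Path
if ($sig.Status -ne 'Valid') {
    $findings += "Authenticode status: $($sig.Status)"
}
if ($findings.Count -eq 0) {
    Write-Output "No indicators from the advisory matched: $Path"
} else {
    Write-Output "Indicators matched for $($Path):"
    $findings | ForEach-Object { Write-Output "  - $_" }
    Write-Output "Next steps: delete the file, remove $dropFolder if present, run a full AV scan, re-download from the official downloads page."
}
```

Run it as `.\Check-Op1wDownload.ps1 -Path 'C:\Users\you\Downloads\OP1w_4k_v2_config.exe'` (file name constructed for illustration); only the report is produced, the remediation steps remain manual.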
The company has made clean versions of the configuration tool available through their official downloads page and encourages affected users to contact support at [email protected] for additional assistance with remediation efforts.