Popular publisher 2K Games’ support platform has been hacked in an attempt to distribute malware among gamers, the company confirmed.
In a tweet, 2K Games said it recently discovered that hackers had managed to “illegally gain access” to the credentials of one of its vendors on the support platform.
“An unauthorized party has sent a message with a malicious link to certain players. Please do not open emails or click on links received from a 2K Games support account,” the company warned.
Setting up MFA
The attackers would first open a fake support ticket and then reply to it soon after. In the reply, they would share a file called “2K Launcher.zip,” inviting players to run it on their endpoints. The file turned out to be RedLine Stealer, a well-known information stealer capable of taking passwords stored in browsers, bank data, and cryptocurrency wallets, among other things. In addition, RedLine may collect VPN credentials, web browser history, and cookies.
Knowing the type of malware the threat actor was trying to spread, 2K advised potential victims to reset all passwords stored in their browsers, enable multi-factor authentication where possible (via an app, not SMS), install an antivirus program, and check their email account settings for forwarding rules.
Meanwhile, 2K has shut down its support portal as it thoroughly investigates the incident.
“We will issue a notification when you can resume interacting with official 2K support emails, and we will also provide additional information on how you can best protect yourself from any malicious activity,” 2K said.
At the moment, it is not known who is behind the attack, but BleepingComputer suggests that this may be the same group that recently breached Rockstar Games: Lapsus$.
“Both companies are subsidiaries of Take-Two Interactive, one of the largest video game publishers in America and Europe,” it said.
Via: BleepingComputer