- 2K Games announced that a third party illegally accessed the credentials of one of its vendors for the help desk platform.
- The hackers sent emails to gamers that included a link to malware that is hosted on the 2ksupport.zendesk.com domain.
- The malware is RedLine, an information stealer that attempts to steal personal information from users’ computers.
Popular video game publisher 2K Games officially confirmed that its helpdesk platform was hacked and that hackers are targeting gamers with fake support tickets to spread malware. Customers reported receiving emails stating that they had opened support tickets on 2K’s online support system. However, the users did not create these tickets.
Prince K.
Shortly after the initial email, customers received a second email from an alleged 2K representative called Prince K. with an attachment named “2K Launcher.zip”, which is hosted on 2ksupport.zendesk.com. The file pretends to be the new game launcher for the publisher. The email says:
“Thank you for reaching out to 2K Support! The download for the new 2K games launcher can be found below.”
The file is a 107 MB executable named “2K Launcher.exe”. It is not an official 2K file, according to its copyright information, and its original filename appears to be “Plumy.exe”. According to cybersecurity experts, it is RedLine information-stealing malware that attempts to steal browser history, browser cookies, saved browser passwords, credit cards, VPN passwords, IM content, system information, and cryptocurrency wallets.
After the incident, the company shut down its support system. The company also urged users to ignore emails coming from its support system and recommended the following:
- Reset any user account passwords stored in your web browser (e.g., Chrome AutoFill)
- Enable multi-factor authentication (MFA) whenever available, especially on personal email, banking, and phone or Internet provider accounts. If possible, avoid using MFA that relies on text message verification – using an authenticator app would be the most secure method
- Install and run a reputable anti-virus program
- Check your account settings to see if any forwarding rules have been added or changed on your personal email accounts
Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mY
— 2K Support (@2KSupport) September 20, 2022