2K Games Help Desk Compromised and Used to Target Users with Info-Stealing Malware

Colin Thierry

US-based video game publisher 2K Games disclosed on Tuesday that an attack against its help desk potentially put customers’ security at risk. Hackers compromised the company’s support platform and targeted users with fraudulent tickets containing the Redline information-stealing malware.

On Tuesday, 2K customers began to receive email notifications with support tickets opened on their behalf. While the tickets were created on the targeted users’ accounts, most customers said that they were not the ones who opened them.

Shortly after this initial notice, users received a follow-up ticket reply email from a fake 2K support agent called “Prince K.” The second email contained a generic confirmation along with an archive attachment named “2K Launcher.zip.”

“The unauthorized party sent a communication to certain players containing a malicious link,” said 2K’s Support announcement. “Please do not open any emails or click on any links that you receive from the 2K Games support account.”

The archive attachment contained a spoofed “2K Launcher” executable. Further analysis of this file revealed that the executable was Redline info-stealing malware. Redline is a popular malware strain that’s used to steal data from compromised systems. This stolen data includes browser cookies, saved browser passwords, browser history, crypto wallets, VPN passwords, and credit card details.

2K’s announcement also contained a list of recommendations for users who may have been compromised after accessing the malicious links, including:

  • Enable multi-factor authentication (MFA) whenever possible, especially for sensitive accounts.
  • Avoid using text-based MFA, as it could be subject to SIM-swapping attacks. Choose authenticator apps instead.
  • Reset account passwords stored within your web browser.
  • Check if any forwarding rules have been added or modified within your email accounts.
  • Install and use trustworthy security software.

Following the attack, 2K took the support platform offline in order to investigate the incident and assess damages.

“We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow up with additional information as to how you can best protect yourself against any malicious activity,” added the company’s announcement.

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.
