In a significant cybersecurity incident, gaming peripheral manufacturer Endgame Gear has confirmed that its official software distribution system was compromised. Hackers infiltrated the company’s OP1w 4K V2 mouse configuration tool, distributing the Xred malware to unsuspecting users between June 26 and July 9, 2025.
This breach exemplifies the growing threat of supply chain attacks within the gaming industry. The infected software was available directly from Endgame Gear’s official product page, making it particularly challenging for users to identify the malicious content.
The issue came to light when members of the MouseReview community on Reddit reported unusual behavior after downloading the configuration tool. User Admirable-Raccoon597 highlighted that the compromised file originated from the official vendor page, not from any third-party source.
Understanding the Xred Malware
Xred is a sophisticated Windows-based backdoor that has been active since at least 2019. This remote access trojan (RAT) is designed to comprehensively compromise victim systems.
Once executed, Xred collects sensitive system information, including MAC addresses, usernames, and computer names. This data is then transmitted to attackers via hardcoded SMTP email addresses.
The malware employs several persistence mechanisms to maintain its presence on infected systems. It creates a hidden directory at C:\ProgramData\Synaptics\ and establishes a Windows Registry Run key. By masquerading as legitimate Synaptics trackpad driver software, Xred becomes more challenging for users to detect.
Beyond data theft, Xred includes keylogging functionality through keyboard hooking techniques, potentially capturing sensitive information such as banking credentials.
Additionally, the malware exhibits worm-like behavior, spreading through USB drives by creating autorun.inf files and infecting Excel files with malicious VBA macros.
Endgame Gear’s Response and Security Measures
Endgame Gear replaced the infected files with clean versions on July 17 without issuing public warnings or acknowledging the breach. The company later released an official security statement confirming the incident, stating that "access to our file servers was not compromised, and no customer data was accessible or affected on our servers at any time."
To prevent future incidents, Endgame Gear has implemented several security enhancements, including additional malware scanning procedures, reinforced anti-malware protections on hosting servers, and plans to add digital signatures to all software files.
Broader Implications and Similar Incidents
This incident underscores the vulnerabilities in software distribution systems and the potential risks to end-users. Similar security flaws have been identified in other gaming peripherals.
For instance, a security flaw in Razer’s Synapse software allowed users to gain admin-level access to a PC simply by plugging in a Razer mouse. This vulnerability was discovered by security researcher jonhat, who demonstrated that the installation software inadvertently provided access to Windows’ file explorer at the SYSTEM account level, even for users logged in with standard, non-admin accounts.
Similarly, SteelSeries peripherals were found to have a vulnerability that allowed users to gain administrative rights on Windows systems. Security researcher Lawrence Amer discovered that the SteelSeries Engine software could be exploited to obtain administrative rights, allowing users to open a command-line window with full system privileges simply by plugging in a SteelSeries keyboard.
These incidents highlight the need for robust security measures in software distribution and installation processes, especially for peripherals that interact closely with system-level functions.
Recommendations for Users
Users who downloaded the OP1w 4K V2 mouse configuration tool between June 26 and July 9, 2025, are advised to take the following steps:
1. Check for Signs of Infection: Look for the presence of Synaptics.exe in hidden folders (the malware's known drop location is C:\ProgramData\Synaptics\) and for a Windows Registry Run key pointing at it, as these may indicate an infection.
2. Remove Compromised Files: Delete any identified infected files from your system.
3. Perform a Full Antivirus Scan: Use reputable antivirus software to conduct a comprehensive scan of your system to detect and remove any remaining malware.
4. Download the Clean Configuration Tool: Obtain the clean version of the configuration software from Endgame Gear’s official download page.
By taking these steps, users can mitigate the risks associated with this security breach and protect their systems from potential harm.
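The following read-only triage script is an added example, not code from the article or from Endgame Gear; it checks a Windows machine for the persistence artifacts described above (the hidden C:\ProgramData\Synaptics\ directory, a Registry Run entry referencing it, and autorun.inf on removable drives). It assumes the Run entry may live in either the HKCU or HKLM hive, since the article does not say which, and that its name or command contains "Synaptics".

```powershell
# Added triage example (not from the article or Endgame Gear). Read-only: it
# reports indicators but deletes nothing. Run from an elevated PowerShell so
# HKLM and ProgramData are fully readable.
$findings = @()

# 1. Hidden drop directory named in the article.
$dropDir = 'C:\ProgramData\Synaptics'
if (Test-Path -LiteralPath $dropDir) {
    $attrs = (Get-Item -LiteralPath $dropDir -Force).Attributes
    $findings += "Directory present: $dropDir (attributes: $attrs)"
    # -Force lists hidden files; hash each one so it can be checked against AV/sandbox verdicts.
    Get-ChildItem -LiteralPath $dropDir -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $findings += "  File: $($_.Name)  Size: $($_.Length)  SHA256: $hash"
        }
}

# 2. Registry Run keys. Assumption: either hive may be used, so both are checked.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell provider metadata
        if ($p.Name -match 'Synaptics' -or "$($p.Value)" -match 'Synaptics') {
            $findings += "Run entry in $key : $($p.Name) = $($p.Value)"
        }
    }
}

# 3. autorun.inf on removable drives (DriveType 2), the USB spreading vector.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $inf = "$($_.DeviceID)\autorun.inf"
    if (Test-Path -LiteralPath $inf) {
        $findings += "autorun.inf present on removable drive $($_.DeviceID)"
    }
}

if ($findings.Count -eq 0) { 'No Xred indicators from the article were found.' }
else { $findings }
```

A Run-key match is a lead, not proof: genuine Synaptics touchpad drivers also register a Run entry on many laptops, so compare the command's path against the hidden ProgramData directory rather than treating the name alone as a verdict.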
Conclusion
The compromise of Endgame Gear’s gaming mouse software to distribute Xred malware serves as a stark reminder of the importance of cybersecurity vigilance. Both manufacturers and users must remain proactive in implementing and adhering to robust security practices to safeguard against such threats.