Days after a threat actor compromised Rockstar Games, American video game publisher 2K reportedly suffered a cyberattack in which the attackers used its support system to distribute malware. According to sources, the attackers used the RedLine password-stealing malware, delivered through the company's help desk.
During the attack, 2K Games' online support ticketing system, 2ksupport.zendesk.com, began emailing users to tell them that "a ticket had been filed" on their behalf. Several 2K users posted screenshots of the notification email and reported that they had not opened any tickets.
2K has published some of the best-known video game titles, including WWE 2K, BioShock, Civilization, NBA 2K, Borderlands, and XCOM.
2K Games’ users targeted by infected emails
Hey folks, please read an important message from our Customer Support team. Thank you. pic.twitter.com/yKI18eL7mY
— 2K Support (@2KSupport) September 20, 2022
A reply to the opened ticket was then sent to the user's registered email address from a 2K support account under the name "Prince K." The email carried an attachment named '2K Launcher.zip,' presented as a new 2K customer support launcher that users should use to contact the game developer.
However, upon opening the launcher contained in the 107 MB ZIP archive, some users noticed that it did not belong to 2K: the executable was not digitally signed by the company, and its metadata bore the product name 'Plumy' and the file description '5K Player.'
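As an added defender-side example (not part of the article and not 2K's own tooling), the PowerShell below automates the checks those users made by hand: it reads the executable's Authenticode signature and version metadata and flags a file whose signer or company name does not match the expected vendor. The expected-signer and company patterns are placeholder assumptions to be replaced with the real publisher's values.

```powershell
# Added triage script (not from the article). Inspects a downloaded "launcher" executable for the
# two red flags described above: no valid signature from the expected vendor, and version
# metadata (product name / file description / company) unrelated to that vendor.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    # Placeholder assumptions: substitute the vendor's real signing-certificate subject and company name.
    [string]$ExpectedSigner  = 'CN=EXPECTED-VENDOR-PLACEHOLDER',
    [string]$ExpectedCompany = 'EXPECTED-COMPANY-PLACEHOLDER'
)

$findings = @()
$item = Get-Item -LiteralPath $Path

# 1. Authenticode signature: unsigned, tampered, or signed by the wrong party.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
if ($sig.Status -ne 'Valid') {
    $findings += "Signature status is '$($sig.Status)' (expected 'Valid')."
} elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    $findings += "Signed by '$($sig.SignerCertificate.Subject)', not the expected publisher."
}

# 2. Version-resource metadata: the fake launcher in the story carried 'Plumy' / '5K Player'.
$vi = $item.VersionInfo
$meta = [ordered]@{
    FileDescription  = $vi.FileDescription
    ProductName      = $vi.ProductName
    CompanyName      = $vi.CompanyName
    OriginalFilename = $vi.OriginalFilename
}
if ([string]::IsNullOrWhiteSpace($vi.CompanyName) -or $vi.CompanyName -notlike "*$ExpectedCompany*") {
    $findings += "CompanyName is '$($vi.CompanyName)', which does not reference the expected vendor."
}
# A binary renamed after build (e.g. to look like a vendor launcher) often keeps its original name here.
if ($vi.OriginalFilename -and $item.Name -ne $vi.OriginalFilename) {
    $findings += "File name '$($item.Name)' differs from embedded OriginalFilename '$($vi.OriginalFilename)'."
}

# 3. SHA-256 so the sample can be reported to the SOC or checked against reputation services.
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$verdict = if ($findings.Count -eq 0) { 'No obvious red flags' } else { 'SUSPICIOUS - do not run' }

[pscustomobject]@{
    Path     = $item.FullName
    SHA256   = $hash
    Metadata = $meta
    Verdict  = $verdict
    Findings = $findings
}
```

Run it against the extracted file before executing anything from an unexpected support email; a 'SUSPICIOUS' verdict means the file should be quarantined and scanned rather than launched.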
2K Launcher.exe is malware in disguise
RedLine is a data-stealing malware that has been used in multiple large-scale campaigns. In April 2022, more than 10,000 RedLine malware attacks were recorded across 150 countries and territories, according to The Record. A low-cost password stealer on underground markets, RedLine sells as a standalone product for $100 or $150, depending on the version.
The malware can steal login information from victims, including passwords, messages, browser cookies, browser history, data from cryptocurrency wallets, and much more. According to Secure Blink, an application security management platform, the 2K Launcher.exe sample could target directories on victims' devices, including online and offline records for FileZilla, Discord, Steam, and web browsers. Anyone who downloaded the fake support launcher should run a malware scan to detect and remove it.
To prevent further compromise, the publisher shut down its support systems, and users currently cannot access live tickets from their accounts. The company has also advised users to mitigate the threat by following basic cybersecurity practices.