Well, it's a first for me: software for a gaming mouse, served from the manufacturer's own website, had for some time been compromised with XRed malware. Igor of Igor's Lab first saw the reports coming in about the Endgame Gear OP1w 4K V2 configuration tool on the MouseReview subreddit. The reports suggest the tool had what appears to be bona fide malware packaged in with it, and the company has now replaced the file with a non-infected one.
According to the initial report from Redditor Admirable-Raccoon597, the "trojanised" (infected) file was what users would download from the company's link to the tool from at least July 2, 2025 (which was when they first downloaded it) until July 17, 2025, when it was replaced with the clean version:
"This clearly shows the vendor's download path changed sometime between July 2nd and 17th, and the earlier version was infected. It came from their official CDN, not a third-party mirror."
The same user shared elsewhere that an Endgame Gear official acknowledged the problem and reuploaded the file: "Even more concerning, u/EndgameGear_Max from the EGG team replied in [the Discord thread the user posted in] and acknowledged the issue, saying he simply 'reuploaded' the file. That's it."
Apparently the malware is a remote access trojan (RAT), which can allow an attacker to take control of your computer remotely. The Redditor says the files were submitted to online virus checkers and were confirmed to be infected with the XRed backdoor, which Broadcom explains has "sophisticated capabilities as it collects system information that it transmits using SMTP to email addresses."

Broadcom continues: "This backdoor also has notable persistence capabilities by using hidden directories and Registry Run Keys while attempting to remain hidden in trojanized software. It additionally has worm-like propagation via USB drive capabilities."
To know if you're infected, the Redditor who reported the problem says you can enable viewing hidden files and then check in C:\ProgramData\Synaptics. If you see Synaptics.exe there, apparently you're infected.
It's worth noting that another Redditor points out that the basic antivirus protection most users already have, built into Chrome and Windows, should have caught this: "Defender and Google Chrome caught it at the time. VT had 66/71 AV detections so almost anyone with any AV during that small time window would've caught it as well. I think the margin of people who ran the tool with embedded XRed without getting a warning is extremely small considering the detection rate and time window."
However, malware can often be a numbers game: get your file into the wild and hope you nab even just a small proportion of victims.
The fact is, it looks like there was genuine, and really quite malicious, malware hosted on an official Endgame Gear content delivery network (CDN), sitting waiting for PC gamers with the OP1w 4K V2 mouse to download it.
At the time of writing there was no public statement from Endgame Gear, though we're reaching out for official comment.
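If you'd rather not click through hidden folders by hand, the following PowerShell script performs the check the Redditor describes, plus two that follow from the Broadcom description and the Defender detection mentioned above. It is an added example written for this article, not a tool from Endgame Gear, Broadcom or the Reddit posters. It assumes the dropped file sits at C:\ProgramData\Synaptics\Synaptics.exe as reported; the exact Run-key value name XRed uses is not published here, so any Run value pointing at that directory is treated as suspicious. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the article, Endgame Gear or Broadcom): look for the
# XRed indicators described above on a Windows PC.
# Assumptions: the payload path below is the one given in the Reddit report;
# the Run-key value name is unknown, so any value referencing that directory
# is flagged.

$indicator = Join-Path $env:ProgramData 'Synaptics\Synaptics.exe'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$findings = @()

# 1. The file indicator. -Force is needed because the directory may be hidden.
if (Test-Path -LiteralPath $indicator) {
    $file = Get-Item -LiteralPath $indicator -Force
    $hash = (Get-FileHash -LiteralPath $indicator -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{
        Type   = 'File'
        Where  = $indicator
        Detail = "size=$($file.Length) attrs=$($file.Attributes) sha256=$hash"
    }
}

# 2. Run keys (the persistence mechanism Broadcom describes) whose command
#    line references the dropped directory.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata properties
        if ("$($p.Value)" -match 'ProgramData\\Synaptics') {
            $findings += [pscustomobject]@{
                Type   = 'RunKey'
                Where  = "$key\$($p.Name)"
                Detail = $p.Value
            }
        }
    }
}

# 3. Anything Microsoft Defender has already logged under an XRed threat name.
try {
    $threats = Get-MpThreat -ErrorAction Stop | Where-Object { $_.ThreatName -match 'XRed' }
    foreach ($t in $threats) {
        $findings += [pscustomobject]@{
            Type   = 'Defender'
            Where  = $t.ThreatName
            Detail = ($t.Resources -join '; ')
        }
    }
} catch {
    Write-Warning "Could not query Defender threat history: $_"
}

if ($findings.Count -eq 0) {
    Write-Output 'No XRed indicators found.'
} else {
    $findings | Format-Table -AutoSize
    Write-Output 'Indicators found: disconnect the machine, run a full scan, and treat saved credentials as exposed.'
}
```

A hit on the file check is strong evidence on its own, but the SHA-256 the script prints lets you confirm it the same way the Redditor did, by submitting the hash to a multi-engine scanner, before you wipe anything. Because Broadcom notes the backdoor spreads to USB drives, any removable media plugged into an infected PC during the window should be scanned as well.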