Redazione RHC : 29 July 2025 15:23
Gaming peripheral manufacturer Endgame Gear reported that between June 26 and July 9, 2025, malware was planted on the company’s official website, hidden inside the OP1w 4k v2 mouse configuration tool. About two weeks ago, reports of malware in the OP1 customization tool appeared on Reddit.
Users also reported several key differences indicating that the company’s website was hosting a trojanized installer. For example, they pointed to the installer’s increased size of 2.8 MB (compared to 2.3 MB for the “clean” version), and to the fact that the file’s properties identified it as “Synaptics Pointing Device Driver” (instead of “Endgame Gear OP1w 4k v2 Configuration Tool”).
After being uploaded to VirusTotal, the malware was identified as the XRed backdoor, but Endgame Gear representatives say that analysis of the malicious payload is not yet complete. Last week, the company confirmed that the Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe tool hosted on its website was indeed infected with malware. However, Endgame Gear did not explain exactly how this happened.
The malicious file was posted on the page endgamegear.com/gaming-mice/op1w-4k-v2, and the manufacturer emphasizes that everyone who downloaded the utility from this page during the specified period was infected. At the same time, users who downloaded the utility from the main download page (endgamegear.com/downloads), via GitHub, and Discord, were not affected, as the “clean” version was distributed through these channels.
The malware now appears to have been removed.
Endgame Gear recommends that users who downloaded the malicious version of the tool delete all files from the C:\ProgramData\Synaptics folder and redownload the safe version from the same page. Since the malware has keylogger capabilities and can remotely access the system and steal data, affected users are advised to run a full system scan with an antivirus program and ensure all remnants of the infection are removed.
It is also recommended to change the passwords for all important accounts, including online banking, email services, and work profiles. Endgame Gear says it will eliminate separate download pages in the future and will add SHA hash verification and digital signatures to all files so that users can verify their integrity and the authenticity of their source.
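The checks above (the size and file-description discrepancies users noticed, the hash and signature verification the vendor has promised, and the folder affected users were told to remove) can be scripted before an installer is ever run. The following PowerShell script is an added example and is not Endgame Gear’s code or anything published with the article. It assumes the vendor publishes a SHA-256 value and ships a signed installer; the `$ExpectedSha256` and `$ExpectedSigner` values are placeholders to be filled in from the vendor’s official download page, and no real hash appears here.

```powershell
# Added example (not from Endgame Gear or the article): verify a downloaded Windows
# installer against vendor-published integrity data before running it, and check the
# host for the folder the vendor told affected users to remove.
# Assumptions: $ExpectedSha256 and $ExpectedSigner are placeholders to be filled in
# from the vendor's official download page; nothing below is a real hash.
param(
    [Parameter(Mandatory = $true)][string]$InstallerPath,
    [string]$ExpectedSha256      = 'REPLACE_WITH_VENDOR_PUBLISHED_SHA256',       # placeholder
    [string]$ExpectedDescription = 'Endgame Gear OP1w 4k v2 Configuration Tool', # value quoted in the article
    [string]$ExpectedSigner      = 'Endgame Gear'                                # placeholder subject-name fragment
)

$findings = New-Object System.Collections.Generic.List[string]
$file = Get-Item -LiteralPath $InstallerPath

# 1. Size: the trojanized build (2.8 MB) was about half a megabyte larger than the clean one (2.3 MB).
$sizeMB = [math]::Round($file.Length / 1MB, 2)
Write-Host ("Installer size: {0} MB" -f $sizeMB)

# 2. Version metadata: the clean tool identifies itself as the configuration tool,
#    while the malicious file claimed to be a "Synaptics Pointing Device Driver".
$desc = $file.VersionInfo.FileDescription
if ($desc -ne $ExpectedDescription) {
    $findings.Add("FileDescription mismatch: '$desc'")
}

# 3. SHA-256 against the vendor-published value (case-insensitive compare).
$actualHash = (Get-FileHash -LiteralPath $InstallerPath -Algorithm SHA256).Hash
if ($actualHash -ne $ExpectedSha256.ToUpperInvariant()) {
    $findings.Add("SHA256 mismatch: $actualHash")
}

# 4. Authenticode signature: must be Valid and issued to the expected publisher.
$sig = Get-AuthenticodeSignature -LiteralPath $InstallerPath
if ($sig.Status -ne 'Valid') {
    $findings.Add("Signature status: $($sig.Status)")
} elseif ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    $findings.Add("Unexpected signer: $($sig.SignerCertificate.Subject)")
}

# 5. Host indicator: the folder the vendor advised affected users to delete.
#    Treat its presence as something to review, not proof of infection: machines with
#    real Synaptics touchpad drivers may legitimately have a folder of this name.
$iocFolder = Join-Path $env:ProgramData 'Synaptics'
if (Test-Path -LiteralPath $iocFolder) {
    $findings.Add("Folder present: $iocFolder (review its contents)")
}

if ($findings.Count -eq 0) {
    Write-Host 'OK: installer matches the expected hash, metadata and signature.'
    exit 0
}
Write-Warning 'Do not run this installer until the following findings are explained:'
$findings | ForEach-Object { Write-Warning "  - $_" }
exit 1
```

Run it as `.\Verify-Installer.ps1 -InstallerPath .\Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe -ExpectedSha256 <published hash>`. The hash comparison is the decisive check; the size and description checks only catch the specific discrepancies reported in this incident, and the signature check is only meaningful once the vendor actually ships signed builds.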
It’s worth noting that eSentire analysts had already raised the alarm: XRed could masquerade as the Synaptics Pointing Device Driver. At the time, the malware was also distributed via trojanized software bundled with USB-C hubs sold on Amazon.