bleepingcomputer.com/news/security/2k-games-says-hacked-help-desk-targeted-players-with-malware/
bleepingcomputer.com/news/security/2k-game-support-hacked-to-email-redline-info-stealing-malware/
Hackers have compromised the support system of American video game publisher 2K and are now sending gamers support tickets containing the RedLine password-stealing malware.
2K is the publisher behind numerous popular game franchises, including NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, Bioshock, Civilization, and Xcom.
Starting today, 2K customers began receiving emails stating that they opened support tickets on 2ksupport.zendesk.com, 2K's online support ticketing system. While the users confirmed these tickets had been created, numerous recipients on Twitter and Reddit stated that they were not the ones who opened the tickets.
Soon after the tickets were opened, the gamers received another email containing a reply to their ticket from an alleged 2K support representative named 'Prince K.'
This email includes an attached file named '2K Launcher.zip' hosted directly on 2ksupport.zendesk.com, which pretended to be a new game launcher.
"Thank you for reaching out to 2K Support! The download for the new 2K games launcher can be found below," read the support tickets sent to 2K customers.
The downloaded archive contains a 107 MB executable named '2K Launcher.exe,' and based on its file properties, you can see that it is not an official 2K executable.
For example, the file is not digitally signed by the company and has a name of 'Plumy' and a file description of '5K Player.'
According to VirusTotal and Any.Run, this executable is the RedLine information-stealing malware.
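The file-property checks described above (signature and embedded metadata) can be done from PowerShell without running the file. This is an added example, not code from the article or from 2K; the function name and the `-ExpectedPublisher` value are assumptions to adapt.

```powershell
# Added example (not from the article): triage a downloaded executable without running it.
function Test-DownloadedExecutable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: a substring you expect in the signer subject and CompanyName.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $file   = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $info   = $file.VersionInfo
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Case-insensitive substring test that treats the publisher string literally.
    $hasPublisher = {
        param($text)
        $text -and $text.IndexOf($ExpectedPublisher, [StringComparison]::OrdinalIgnoreCase) -ge 0
    }

    $findings = @()
    if ($sig.Status -ne 'Valid') {
        # Covers unsigned files (NotSigned) as well as tampered or untrusted signatures.
        $findings += "Authenticode status is '$($sig.Status)' (expected 'Valid')"
    } elseif (-not (& $hasPublisher $signer)) {
        $findings += "Validly signed, but by an unexpected signer: $signer"
    }
    if (-not (& $hasPublisher $info.CompanyName)) {
        $findings += "CompanyName '$($info.CompanyName)' does not name the expected publisher"
    }

    # Return the raw fields too, so a mismatched product name or description is visible.
    [pscustomobject]@{
        File            = $file.Name
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus = $sig.Status
        Signer          = $signer
        CompanyName     = $info.CompanyName
        ProductName     = $info.ProductName
        FileDescription = $info.FileDescription
        OriginalName    = $info.OriginalFilename
        Suspicious      = ($findings.Count -gt 0)
        Findings        = $findings
    }
}

# Usage; the publisher string is a placeholder for the vendor you expect:
# Test-DownloadedExecutable -Path '.\2K Launcher.exe' -ExpectedPublisher '<expected publisher>' | Format-List
```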
"Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers," 2K's support account tweeted on Tuesday after BleepingComputer broke the story on the security breach.
"The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account."
The company advised those who might have clicked one of the malicious links sent by the attackers to take steps to mitigate the potential impact immediately:
Reset any user account passwords stored in your web browser (e.g., Chrome AutoFill)
Enable multi-factor authentication (MFA) whenever available, especially on personal email, banking, and phone or Internet provider accounts. If possible, avoid using MFA that relies on text message verification - using an authenticator app would be the most secure method
Install and run a reputable anti-virus program
Check your account settings to see if any forwarding rules have been added or changed on your personal email accounts
2K added that its support portal was taken offline earlier while the video game publisher investigates and addresses the incident's fallout.
The company said it would issue a notice to let players know when it will be safe to start interacting with its support staff again.