2K Games, a prominent video game publisher, has admitted that its support system was hacked in an effort to disseminate malware to its player base.
2K Games revealed in a tweet that it had recently learned that hackers had “illegally accessed” credentials belonging to one of its vendors for the company’s helpdesk system.
“The hacker contacted a subset of players via a message that contained a malicious link. Never interact with emails purporting to be from the 2K Games support account, including opening attachments or clicking on links,” company officials warned.
The attackers would first create a phoney support ticket and then respond to it. The response carried an attachment called “2K Launcher.zip” and instructed gamers to open it on their computers. The file is RedLine Stealer, a well-known infostealer that can access browser-stored passwords, financial information, and cryptocurrency wallets. RedLine can also steal VPN login information, browser cookies, and even browsing history.
2K, aware of the malware the threat actor intended to spread, urged potential victims to change their browser passwords, enable multi-factor authentication wherever possible (using an app, rather than via SMS), download and run an antivirus programme, and review their email accounts for any forwarding rules.
Meanwhile, 2K has shut down its help centre to conduct a comprehensive investigation.
“We will give a notice when you can resume dealing with official 2K help desk emails,” 2K wrote. “We will also follow up with additional advice as to how you can best protect yourself against any malicious conduct.”
While the identity of the attackers is currently unknown, BleepingComputer has hypothesised that the same gang that recently breached Rockstar Games, Lapsus$, is responsible for this attack.
Both firms are subsidiaries of Take-Two Interactive, “one of the leading video game publishers in the Americas and Europe.”