
Official Endgame Gear mouse software on its website was compromised by malware, admits company; pledges improvements to avert future occurrences


In a recent cybersecurity incident, the official configuration tool for Endgame Gear's OP1w 4K V2 wireless gaming mouse was compromised with the XRed backdoor malware between June 26th and July 9th, 2025. The infected software was distributed directly from Endgame Gear's official website during that time frame.

**Details of the compromise:**

The malware involved is the XRed RAT (Remote Access Trojan), which has advanced capabilities such as collecting system information, transmitting it remotely via SMTP, persisting through shutdowns by hiding in folders and modifying the Windows Registry, and propagating via USB devices, acting like a worm. The infection was discovered after a user downloaded the official configuration tool on July 2, 2025, noticed suspicious behavior on their system, and then confirmed the infection through analysis with VirusTotal and Tria.ge services.

The compromised file was silently replaced on the official site by Endgame Gear without an immediate public acknowledgment.

**Consequences of the compromise:**

Users who downloaded and ran the infected tool risked having their systems backdoored with a persistent malware capable of spying and spreading. Affected users reported system instability and suspicious behavior after installation.

**Steps taken to address the issue:**

Endgame Gear quietly replaced the infected software package on their official site after the discovery. They have issued detailed instructions to users on how to check for infection on their systems and how to remove the malware safely. An ongoing investigation is underway to determine how the malware infiltrated Endgame Gear’s servers and to prevent future incidents.

The user who first reported the infection alleged GDPR violations and called for an official investigation.

**Measures taken to prevent future incidents:**

Additional malware scans for all files before and after upload to Endgame Gear's servers have been implemented. Digital signatures are planned to be implemented for all Endgame Gear software files. Product page-specific downloads have been discontinued, and all software downloads are being centralized to the main Downloads page.

**Advice for users:**

Most users' basic antivirus software should have caught this malware. To check if a computer is infected, one can enable viewing hidden files and check for the existence of Synaptics.exe in C:\ProgramData\Synaptics. SHA hashes are being provided for all downloads to allow users to verify file integrity. Anti-malware protections on Endgame Gear's hosting servers have been reinforced. No customer data was accessible or affected on Endgame Gear’s servers during the incident.
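The two checks described above, scripted as an added example (not code from Endgame Gear or from the original article). The function names are hypothetical, and because the page says only "SHA hashes" without naming an algorithm, the verifier infers it from the length of the published hex digest.

```python
import hashlib
import os
import stat
from pathlib import Path

# Indicator taken from the article: Synaptics.exe inside C:\ProgramData\Synaptics.
INDICATOR_RELATIVE = Path("Synaptics") / "Synaptics.exe"

# The page names no algorithm, so choose it from the digest length (assumption).
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}


def file_digest(path, algo):
    """Stream the file so large installers are not loaded into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex):
    """Return True only if the file matches the vendor-published digest."""
    published = "".join(published_hex.split()).lower()
    algo = ALGO_BY_HEX_LEN.get(len(published))
    if algo is None or any(c not in "0123456789abcdef" for c in published):
        raise ValueError("published value is not a SHA-1/256/384/512 hex digest")
    return file_digest(path, algo) == published


def check_indicator(program_data=None):
    """Look for the dropped file; a direct path check also sees hidden files."""
    root = Path(program_data or os.environ.get("ProgramData", r"C:\ProgramData"))
    target = root / INDICATOR_RELATIVE
    if not target.is_file():
        return {"found": False, "path": str(target)}
    attrs = getattr(target.stat(), "st_file_attributes", 0)  # Windows-only field
    hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    return {"found": True, "path": str(target), "hidden": hidden,
            "sha256": file_digest(target, "sha256")}


if __name__ == "__main__":
    print(check_indicator())
```

When the indicator is found, the returned SHA-256 can be compared against the analysis reports for the sample before the file is removed.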

Endgame Gear has issued a statement confirming the incident and stating that only the OP1w 4K V2 product page on their brand store was affected. The clean version of the file can be downloaded from Endgame Gear’s main Downloads page. The malware is a remote access trojan (RAT) that can allow an attacker to take control of a computer, and it can propagate via USB drives.

The company urges users to exercise caution when downloading software from any source, especially from official websites, and to keep their antivirus software up to date. They also encourage users to regularly scan their systems for malware and to follow best practices for cybersecurity.

  1. In light of the recent cybersecurity incident, it is advisable for users to exercise professional caution when downloading software, particularly from official websites, to avoid similar issues.
  2. It's essential for Endgame Gear to implement digital signatures for all its software files to prevent future incidents.
  3. The company's statement revealed that the compromised file, related to the OP1w 4K V2 gaming mouse, was a Remote Access Trojan (RAT), capable of transmitting system information and propagating via USB devices, echoing the dangers of not vetting games and associated tools thoroughly.
  4. As a responsible user, after downloading the official configuration tool, one should routinely verify file integrity by using SHA hashes and scanning systems for any malware, including the XRed RAT, to ensure a secure and stable gaming experience.
