- Endgame Gear software hijacked to serve malware
- Attack spotted by the company’s community
- Endgame is making significant changes to prevent repeat occurrences
Gaming kit maker Endgame Gear has confirmed it was the victim of a supply chain attack which saw unidentified threat actors break into its website and replace a legitimate configuration tool with a trojanized version containing malware.
In an announcement posted on its website, the company said that on June 26, 2025, someone managed to replace a version of the Configuration Tool for the Endgame Gear OP1w 4k v2 wireless mouse, found on its product page, with a malicious counterfeit.
The tainted version remained on the site until July 9, when it was removed.
Hiding the attack in plain sight
The malware acts as an infostealer, so users should change their passwords, too, especially for important accounts such as banking, work, social media, email, and similar.
The company did not discuss how the threat actors broke in, or who they were, but stressed the trojanized version was found only on the product page for that specific peripheral, while the versions found on the downloads site, GitHub, or Discord, remained clean.
Software for other peripherals was not targeted, either.
Endgame said it only spotted the intrusion after seeing “online discussions”, meaning it was the community that flagged the attack.
A more thorough analysis has shown that access to file servers was not compromised, and customer data was not accessed.
To prevent similar incidents from happening in the future, Endgame is killing product page-specific downloads, and is centralizing all downloads on its main download page.
Furthermore, it is implementing additional malware scans and reinforcing anti-malware protections on its hosting servers.
Users who downloaded the malware are advised to remove it, and to check for the presence of the folder “C:\ProgramData\Synaptics” (it could be hidden).
They should also run a full system scan, and download a clean version.
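The folder check described above, as an added PowerShell example (not from Endgame Gear or the original article). The function name and report fields are hypothetical; the path and the June 26, 2025 start of the exposure window are the ones given above.

```powershell
# Added example: triage check for the folder named in the advisory.
$IndicatorPath = 'C:\ProgramData\Synaptics'        # path given in the article
$ExposureStart = [datetime]::new(2025, 6, 26)      # first day the tainted download was live

function Get-IndicatorFolderReport {               # hypothetical helper name
    param(
        [string]$Path = $IndicatorPath,
        [datetime]$Since = $ExposureStart
    )
    # -Force is required: without it, hidden and system items are skipped,
    # and the advisory notes the folder could be hidden.
    $dir = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $dir -or -not $dir.PSIsContainer) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    # Record each file with its timestamp and SHA-256 so it can be handed
    # to a malware scanner or an incident responder before removal.
    $files = Get-ChildItem -LiteralPath $Path -Force -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                File    = $_.FullName
                Created = $_.CreationTime
                Hidden  = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
        }

    [pscustomobject]@{
        Path                 = $dir.FullName
        Present              = $true
        Hidden               = [bool]($dir.Attributes -band [IO.FileAttributes]::Hidden)
        Created              = $dir.CreationTime
        # Context only: timestamps can be altered, so this does not clear a machine.
        CreatedSinceExposure = ($dir.CreationTime -ge $Since)
        Files                = @($files)
    }
}

$report = Get-IndicatorFolderReport
if ($report.Present) {
    Write-Warning "Folder found: $($report.Path) (hidden: $($report.Hidden), created: $($report.Created))"
    $report.Files | Format-Table -AutoSize -Wrap
} else {
    Write-Output "Folder not found: $($report.Path)"
}
```

Run it from an elevated PowerShell session so that access restrictions on the folder do not hide its contents; a "not found" result does not replace the full system scan.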
Via BleepingComputer