In a tweet, 2K Games said it recently discovered that hackers managed to “illegally access” the credentials of one of its vendors to the helpdesk platform.
“The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account,” the company warned.
Setting up MFA
The attackers would first open a fake support ticket and, soon after, reply to it themselves. In the reply, they shared a file named “2K Launcher.zip” and invited the players to run it on their endpoints. The file turned out to be RedLine Stealer, a known infostealer that is capable of, among other things, grabbing passwords stored in the browser, stealing banking data and cryptocurrency wallets, and harvesting VPN credentials, web browser history, and cookies.
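The pattern described above (an account on the helpdesk opens a ticket itself, replies to it minutes later, and the reply points the player at an archive) is something a helpdesk audit log can be screened for. The following is an added example, not code from 2K or the helpdesk vendor; the event records and field names are constructed for illustration.

```python
"""Flag helpdesk replies that match the self-opened-ticket-plus-archive pattern."""
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical field names, not real 2K data).
SAMPLE_EVENTS = [
    {"ticket": 101, "actor": "vendor-agent-7", "action": "open",
     "time": "2022-09-19T10:00:00", "body": "Launcher will not start"},
    {"ticket": 101, "actor": "vendor-agent-7", "action": "reply",
     "time": "2022-09-19T10:04:00", "body": "Please run the attached 2K Launcher.zip"},
    {"ticket": 102, "actor": "player-42", "action": "open",
     "time": "2022-09-19T11:00:00", "body": "Game crashes on startup"},
    {"ticket": 102, "actor": "vendor-agent-3", "action": "reply",
     "time": "2022-09-19T12:30:00", "body": "Try verifying your files in the launcher"},
]

# File types a support reply should not normally ask a player to run.
PAYLOAD_EXTENSIONS = (".zip", ".rar", ".7z", ".exe")


def flag_suspicious_replies(events, window=timedelta(minutes=30)):
    """Return (ticket, reasons) for replies that reference a payload-like file
    and either answer a ticket the same account opened or arrive within
    `window` of the ticket being opened."""
    opened = {}  # ticket id -> (opening actor, opening time)
    flagged = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["action"] == "open":
            opened[ev["ticket"]] = (ev["actor"], when)
            continue
        opener, opened_at = opened.get(ev["ticket"], (None, None))
        reasons = []
        if opener == ev["actor"]:
            reasons.append("reply to a ticket the same account opened")
        if opened_at is not None and when - opened_at <= window:
            reasons.append("reply within %d minutes of opening" % (window.total_seconds() // 60))
        body = ev["body"].lower()
        if any(ext in body for ext in PAYLOAD_EXTENSIONS):
            reasons.append("reply references an archive or executable")
        # Alert only when a payload hint coincides with at least one timing/ownership signal.
        if "reply references an archive or executable" in reasons and len(reasons) >= 2:
            flagged.append((ev["ticket"], reasons))
    return flagged


if __name__ == "__main__":
    for ticket, reasons in flag_suspicious_replies(SAMPLE_EVENTS):
        print(ticket, "; ".join(reasons))
```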
Knowing the type of malware the threat actor set out to distribute, 2K advised potential victims to reset all passwords stored in the browser, enable multi-factor authentication wherever possible (with an app, rather than via SMS), install an antivirus program, and check their email accounts for any forwarding rules.
In the meantime, 2K took its support portal offline as it thoroughly investigates the incident.
“We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow up with additional information as to how you can best protect yourself against any malicious activity,” 2K said.
At the moment, it is not known who the threat actors behind the attack are, but BleepingComputer speculates it could be the same group that recently broke into Rockstar Games – Lapsus$.
“Both companies are subsidiaries of Take-Two Interactive, one of the largest video game publishers across the Americas and Europe,” it said.