Endgame Gear warns mouse config tool has been infected with malware
Someone planted a trojanized version of a tool

- Endgame Gear software hijacked to serve malware
- Attack spotted by the company's community
- Endgame is making significant changes to prevent repeat occurrences
Gaming kit maker Endgame Gear has confirmed it was the victim of a supply chain attack which saw unidentified threat actors break into its website and replace a legitimate configuration tool with a trojanized version containing malware.
In an announcement posted on its website, the company said that on June 26, 2025, someone managed to replace the Configuration Tool for the Endgame Gear OP1w 4k v2 wireless mouse, found on its product page, with a malicious copy.
The tainted version remained on the site until July 9, when it was removed.
Hiding the attack in plain sight
The malware acts as an infostealer, so users should change their passwords, too, especially for important accounts such as banking, work, social media, email, and similar.
The company did not discuss how the threat actors broke in, or who they were, but stressed the trojanized version was found only on the product page for that specific peripheral, while the versions found on the downloads site, GitHub, or Discord, remained clean.
Software for other peripherals was not targeted, either.
Endgame said it only spotted the intrusion after seeing “online discussions”, meaning it was the community that flagged the attack.
A more thorough analysis has shown that access to file servers was not compromised, and customer data was not accessed.
To prevent similar incidents from happening in the future, Endgame is killing product page-specific downloads, and is centralizing all downloads on its main download page.
Furthermore, it is implementing additional malware scans and reinforcing anti-malware protections on its hosting servers.
Users who downloaded the malware are advised to remove it, and to check for the presence of the folder "C:\ProgramData\Synaptics" (it could be hidden).
They should also run a full system scan, and download a clean version.
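The folder check described above can be scripted. The following PowerShell is an added example, not code from Endgame Gear or the original article; the folder path and the June 26, 2025 date come from the article, while the function name and report fields are illustrative. It only inventories the folder for review, since the article does not say what the folder contains.

```powershell
# Added example: look for the folder named in the article, even if it is hidden,
# and list its contents with creation times and SHA-256 hashes for later review.
$IndicatorPath = 'C:\ProgramData\Synaptics'   # path from the article
$WindowStart   = [datetime]'2025-06-26'       # date the tainted tool first appeared

function Get-IndicatorFolderReport {          # hypothetical helper name
    param([string]$Path = $IndicatorPath)

    # -Force makes Get-Item return the folder even when it carries the Hidden attribute.
    $dir = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $dir) {
        return [pscustomobject]@{ Path = $Path; Present = $false; Hidden = $false; Files = @() }
    }

    # Enumerate every file, including hidden ones, and record evidence before cleanup.
    $files = Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                FullName            = $_.FullName
                Created             = $_.CreationTime
                CreatedSinceJune26  = ($_.CreationTime -ge $WindowStart)
                SHA256              = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                                        -ErrorAction SilentlyContinue).Hash
            }
        }

    [pscustomobject]@{
        Path    = $dir.FullName
        Present = $true
        Hidden  = [bool]($dir.Attributes -band [IO.FileAttributes]::Hidden)
        Created = $dir.CreationTime
        Files   = @($files)
    }
}

$report = Get-IndicatorFolderReport
if ($report.Present) {
    Write-Output "Folder present: $($report.Path) (hidden: $($report.Hidden), created: $($report.Created))"
    $report.Files | Format-Table -AutoSize
} else {
    Write-Output "Folder not found: $($report.Path)"
}
```

Run it from an elevated prompt so unreadable files are not silently skipped, and save the output before deleting anything so the hashes can be compared against the full system scan results.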
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.