Gaming accessory maker Endgame Gear has confirmed that its official software distribution system was breached, allowing hackers to spread Xred malware through the OP1w 4K V2 mouse configuration tool. This malware was unknowingly downloaded by users for nearly two weeks.
The breach occurred between June 26 and July 9, 2025, and is a notable example of a supply chain attack within the gaming industry. The infected software was distributed directly from Endgame Gear’s official website, making it harder for users to spot any warning signs. The issue was first raised by members of the MouseReview subreddit, including user Admirable-Raccoon597, who pointed out that the malware-laced tool had been downloaded straight from the company’s product page.
The malicious payload, identified as Xred, is a backdoor for Windows systems that has been active since at least 2019. It is capable of harvesting sensitive information like MAC addresses, usernames, and computer names. This data is sent to attackers through built-in SMTP email functions.
Xred is designed for persistence. Once installed, it hides in a folder named C:\ProgramData\Synaptics\ and adds itself to the Windows Registry so it launches at startup. It disguises itself as Synaptics driver software, which helps it avoid detection.
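The persistence traits described above can be checked on a Windows host. The following PowerShell is an added example, not code from Endgame Gear or from the original article; it assumes the startup entry sits in one of the standard Run/RunOnce registry keys, which the article does not specify, and the function names are illustrative.

```powershell
# Triage check for the Xred persistence traits described in the article.
# Assumption: the autostart value is in a standard Run/RunOnce key;
# the article only says "the Windows Registry". HKCU covers the current user only.
$SuspectDir = 'C:\ProgramData\Synaptics'
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-SuspectAutorun {
    param([string[]]$Keys, [string]$Dir)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)   # env vars are expanded here
            if ($data -like "*$Dir*") {             # -like is case-insensitive
                [pscustomobject]@{ Key = $key; Name = $name; Command = $data }
            }
        }
    }
}

function Get-SuspectFile {
    param([string]$Dir)
    if (-not (Test-Path -LiteralPath $Dir)) { return }
    # -Force includes hidden and system files
    Get-ChildItem -LiteralPath $Dir -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$autoruns = @(Get-SuspectAutorun -Keys $RunKeys -Dir $SuspectDir)
$files    = @(Get-SuspectFile -Dir $SuspectDir)
$autoruns | Format-Table -AutoSize -Wrap
$files    | Format-List
if ($autoruns.Count -or $files.Count) { Write-Warning "Review the items above: $SuspectDir is in use on this host." }
else { Write-Output "No files or autorun values referencing $SuspectDir were found." }
```

A hit is a lead for investigation rather than a verdict; an executable in that folder that is not validly signed and is also referenced by an autorun value is the combination to escalate.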
In addition to stealing information, Xred can log keystrokes, putting passwords and banking details at risk. It also spreads by infecting USB drives and embedding malicious macros in Excel files.
Endgame Gear quietly replaced the compromised tool with a clean version on July 17, without alerting users. In a later statement, the company confirmed the breach but clarified that its file servers were not accessed and no customer data stored on its systems was exposed.
Following the incident, Endgame Gear has introduced new security measures, including more thorough malware scanning, stronger protection for its hosting infrastructure, and plans to add digital signatures to its software releases.