US video game publisher 2K has confirmed that its help desk platform has been hacked and used to target customers with fake support tickets pushing malware through embedded links.
“Earlier today, we became aware that an unauthorized third party was illegally accessing one of our vendors’ credentials for the help desk platform 2K uses to support our customers,” 2K’s support account tweeted Tuesday after BleepingComputer’s story on the security breach was posted.
“The unauthorized party has sent a message to certain players containing a malicious link. Do not open emails or click on links you receive from the 2K Games support account.”
The company advised those who may have clicked on one of the malicious links sent by the attackers to take steps to immediately mitigate the potential impact:
- Reset all user account passwords stored in your web browser (e.g. Chrome AutoFill)
- Enable multi-factor authentication (MFA) whenever possible, especially for personal email, banking, and phone or Internet service provider accounts. If possible, avoid using MFA which relies on SMS authentication – using an authentication app would be the safest method
- Install and run a reputable antivirus program
- Check your account settings to see if forwarding rules have been added or changed in your personal email accounts
2K added that the support portal has been taken offline while the video game publisher investigates and addresses the fallout from the incident.
The company said it would release a message letting players know when it will be safe to communicate with support staff again.
“We will notify you when you can resume interacting with official 2K help desk emails, and we will also provide additional information on how to best protect yourself from malicious activity,” 2K said.
Hi folks, please read an important message from our customer service team. Thank you. pic.twitter.com/yKI18eL7mY
— 2K support (@2KSupport) September 20, 2022
Malicious emails pushed RedLine info-stealer
As BleepingComputer previously reported, 2K customers began receiving emails earlier today stating that they had opened support tickets on 2ksupport.zendesk.com, 2K’s online support ticketing system.
While the users confirmed that these tickets were accessible through the 2K helpdesk portal, numerous recipients mentioned on Twitter and Reddit that they weren’t the ones who opened these support tickets.
Shortly after the tickets were opened, they also received another email in response to the original ticket (from an alleged 2K support rep named “Prince K”), and these emails contained links to download a file called ‘2K Launcher.zip’ from 2ksupport.zendesk.com.
As BleepingComputer discovered, the archive contained an executable file that, according to VirusTotal and Any.Run scans, is actually the RedLine information-stealing malware.
RedLine Stealer is an info-stealer malware that threat actors use to steal a wide variety of data after infecting someone’s system, including web browser history, cookies, saved browser passwords, credit cards, VPN credentials, instant messaging content, cryptocurrency wallets and more.
2K has yet to release any information on this, and it’s unclear whether the weekend’s support system attack is related to the Rockstar Games hack, but the timing is certainly suspicious.
Both companies are subsidiaries of Take-Two Interactive, one of the largest video game publishers in the Americas and Europe.
The threat actor behind the Rockstar Games breach has also claimed responsibility for the recent Uber hack. Uber believes the attack was orchestrated by a hacker affiliated with the extortion group Lapsus$.
2K is the publisher behind numerous popular game franchises, including NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, BioShock, Civilization and XCOM.
BleepingComputer had contacted 2K about the hack of their support systems before the game publisher confirmed the attack, but we are still waiting for a response.