<\/p>
![\"Endgame](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/09\/18155741\/gamer-malware-endgame-gear-steam-minecraft-1.jpg\")
<\/a>The official page for the Endgame Gear OP1w 4k v2 mouse hosted a malware-infected setup tool. Source<\/a><\/p><\/div>As a result, users who downloaded the utility from the product page during that period also received malware with it. Endgame Gear<\/strong> did not specify what the malicious payload was, but user-scan data suggests it was an XRed<\/strong> backdoor.\n XRed<\/strong> offers a wide range of capabilities for remote control of infected systems. These include a keylogger and enables attackers to access the command line, browse disks and folders, download and delete files, and take screenshots. XRed<\/strong> can also download additional modules and exfiltrate system data to remote servers.<\/p>\n It was gamers themselves who first noticed something was wrong with the OP1w 4k v2<\/strong> configuration tool. They began discussing suspicious signs on Reddit<\/a> nearly two weeks before Endgame Gear<\/strong> released an official statement. The key details that raised user suspicions were the size of the program \u2014 the infected version was 2.8MB instead of the usual 2.3MB \u2014 and the file signature, listed as \u201cSynaptics Pointing Device Driver\u201d instead of \u201cEndgame Gear OP1w 4k v2 Configuration Tool\u201d.<\/p>\n In its official statement on the incident<\/a>, Endgame Gear<\/strong> clarified that users who downloaded the tool from the general downloads page (endgamegear.com\/downloads<\/em>), GitHub, or the company\u2019s Discord channel are safe. The threat only affected gamers who downloaded software directly from the OP1w 4k v2<\/strong> product page between June 26 and July 9, 2025. After that, the malware was removed from the company\u2019s site.<\/p>\n The mouse manufacturer recommends the following steps for any potentially affected users:<\/p>\n In addition, users should change passwords for all important accounts, including financial services, email, and work-related logins.<\/p>\n In 2025, several cases were reported of malware being distributed through early-access games on Steam.<\/p>\n All three cases involved early-access titles \u2014 likely because Steam applies looser verification procedures for pre-release games. Let\u2019s take a closer look at these three cases.<\/p>\n A few days after the beta release of PirateFi<\/strong> \u2014 the first game developed by a studio called Seaworth Interactive<\/strong> \u2014 one user reported on a Steam forum that his antivirus had prevented the game from launching. The security software detected<\/a> the presence of Trojan.Win32.Lazzzy.gen<\/em> malware, which the game attempted to install in the AppData\/Temp<\/em> directory after launch.<\/p>\n PirateFi promised players a pirate-themed survival sim, but in reality it stole browser cookies to hijack accounts. Source<\/a><\/p><\/div>\n The Trojan\u2019s primary goal was to steal browser cookies. These cookies allowed the attackers to access victims\u2019 accounts<\/a> for financial services, social networks, and other online platforms. Several players who downloaded and ran the game reported that the criminals changed the passwords on their accounts and stole funds. PirateFi<\/strong> was pulled from Steam just four days after release. All users who had downloaded the game \u2014 fortunately, only around 800 people \u2014 received an official notification from the platform<\/a> warning them of the malware on their devices.<\/p>\n Steam users who downloaded the infected PirateFi game were warned of malware on their devices. Source<\/a><\/p><\/div>\n Just a month later, a similar situation occurred<\/a> with another game \u2014 Sniper: Phantom\u2019s Resolution<\/strong> by Sierra Six Studios<\/strong>. Once again, players were the first to suspect something was wrong: they noticed that the game\u2019s description and screenshots were clearly copied from other projects. Another red flag was the developer\u2019s offering a demo installer hosted on an external GitHub repository rather than through Steam.<\/p>\n Further examination of the installer\u2019s code by Reddit users revealed suspicious software<\/a> hidden inside. Like the creators of PirateFi<\/strong>, those behind Sniper: Phantom\u2019s Resolution<\/strong> seemed to be after victims\u2019 online accounts. Following user reports, both GitHub and Steam quickly removed the malicious game from their platforms.<\/p>\n The game Sniper: Phantom\u2019s Resolution was published on Steam with an installer containing malware, and was removed after user complaints. Source<\/a><\/p><\/div>\n The third case, involving a game called Chemia<\/strong> by Aether Forge Studios<\/strong>, was a little different<\/a>: this time, it was a beta version of a legitimate game that was infected. Cybersecurity researchers believe the attack was carried out by the hacker group EncryptHub<\/strong>, also known as Larva-208<\/strong>.<\/p>\n It remains unclear how the attackers managed to inject malware into the game. However, players who launched the Chemia<\/strong> playtest unknowingly downloaded two infostealers to their devices. Both ran silently in the background without affecting gameplay, leaving gamers unaware their systems were compromised.<\/p>\n The Chemia playtest on Steam was distributed with infostealing malware that ran in the background, extracting data from browsers. Source<\/a><\/p><\/div>\n The attackers were targeting data stored in browsers, including saved passwords, autofill info, cookies, and cryptowallet details. At the time of writing, the game is no longer available on Steam. However, neither the platform nor the game\u2019s developer has issued an official statement.<\/p>\n Sometimes dangers lurk not just on Steam, but also on developers\u2019 official sites \u2014 including the biggest names. In 2018, about fifty thousand Minecraft<\/strong> players fell victim to attackers<\/a> who uploaded malicious skins to the official Minecraft<\/strong> website. That platform has a fan-interaction system where any player can share skins they create with others \u2014 and that\u2019s what the attackers exploited.<\/p>\n The Minecraft skins that could reformat hard drives and delete system programs. Source<\/a><\/p><\/div>\n The malware was spread via PNG skin files, and was capable of deleting programs, formatting hard drives, and destroying backup data. One peculiar detail was that some victims received bizarre messages with titles such as:<\/p>\n The malicious code\u2019s specifics make experts believe that professional cybercriminals were likely not behind the attack. Still, the Minecraft<\/strong> case clearly demonstrated the vulnerability of content-sharing mechanisms on gaming platforms.<\/p>\n Installing games, mods, skins, and other gaming software from official sources is, of course, safer than pirating them from shady ones. However, as we\u2019ve shown in this post, even legitimate sites require vigilance.<\/p>\n Many gamers may be skeptical about this last tip, as it\u2019s a common belief in the gaming community that antivirus software slows down games. That may have been true years ago, but tests these days show that the latest security solutions cause no measurable drops in performance<\/a>.<\/p>\n Moreover, Kaspersky Premium<\/a> even includes a dedicated gaming mode. It turns on automatically when a game launches, postponing database updates, notifications, and routine scans until the session ends \u2014 thus minimizing system resource usage.<\/p>\n How else do attackers target gamers? Check out our selection of articles on this topic:<\/p>\n Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.<\/p>\n","protected":false},"author":2726,"featured_media":24656,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[1520,617,2836,1129,36,2378,2151,164,692],"class_list":{"0":"post-24648","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-backdoors","9":"tag-gamers","10":"tag-games","11":"tag-keyloggers","12":"tag-malware-2","13":"tag-minecraft","14":"tag-stealers","15":"tag-steam","16":"tag-trojans"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/gamer-malware-endgame-gear-steam-minecraft\/24648\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/gamer-malware-endgame-gear-steam-minecraft\/29549\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/gamer-malware-endgame-gear-steam-minecraft\/29474\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/gamer-malware-endgame-gear-steam-minecraft\/40529\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/gamer-malware-endgame-gear-steam-minecraft\/54336\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/gamer-malware-endgame-gear-steam-minecraft\/29657\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/gamer-malware-endgame-gear-steam-minecraft\/35403\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/gamer-malware-endgame-gear-steam-minecraft\/35031\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/gamers\/","name":"gamers"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24648","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=24648"}],"version-history":[{"count":6,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24648\/revisions"}],"predecessor-version":[{"id":25435,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/24648\/revisions\/25435"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/24656"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=24648"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=24648"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=24648"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
Malware in three early-access Steam games<\/h2>\n
\n
![\"PirateFi:](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/09\/18155744\/gamer-malware-endgame-gear-steam-minecraft-2-2.jpg\")
<\/a>![\"Steam](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/09\/18155747\/gamer-malware-endgame-gear-steam-minecraft-3-1.jpg\")
<\/a>![\"Sniper:](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/09\/18155750\/gamer-malware-endgame-gear-steam-minecraft-4-2.jpg\")
<\/a>![\"Chemia](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/09\/18155753\/gamer-malware-endgame-gear-steam-minecraft-5-1.jpg\")
<\/a>Malicious skins on the official Minecraft website<\/h2>\n
![\"Malicious](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2025\/09\/18155755\/gamer-malware-endgame-gear-steam-minecraft-6-1.jpg\")
<\/a>\n
How to avoid becoming a victim<\/h2>\n
\n
\n