Beware of fake support tickets on behalf of 2K. This is where the password-stealing malware RedLine is hidden.
An IT security incident occurred at the video game publisher 2K and unknown attackers were able to compromise the support system. Fake support tickets are now circulating that want to unload a Trojan on Windows PCs.
password hunt
On Reddit and Twitter reports of such tickets are increasing. Some victims really seem to have opened support tickets. Others get the news unexpectedly. The fake email is sent in the name of non-existent support agent “Prince K”. Attached is an alleged new game launcher (2K Launcher.zip) that is necessary for downloading current games. The file is said to be on an official 2K server.
Of course, the new Game Launcher is nonsense and behind it is the RedLine malware. The Trojan is still on the hunt for login data from online accounts and transmits copied passwords to criminals.
What victims should do now
2K has now confirmed the hack. The attackers are said to have had access to an employee’s access data for the support platform. It is not yet known how they were able to view the data.
Anyone who has received such an email and executed the attachment should reset all passwords stored in the web browser and assign new passwords for all online accounts. In addition, it is advisable to activate two-factor authentication (2FA) for all accounts where it is possible. In addition, an anti-virus scanner should examine the computer.
In such a case, the security tool of the c’t editors Desinfec’t 2022/23 can help. With its Linux live system, it starts instead of Windows and so a trojan cannot do any more damage. With the integrated virus scanners, the inactive Windows can be examined and data can even be brought to safety.
Like the recently hacked publisher Rockstar Games, 2K is a subsidiary of Take-Two Interactive. It is not yet clear whether the incidents are related.
