Hackers compromised the support system of 2K games to deploy Redline password stealing malware via sending fake support tickets to gamers….

Continue reading
The support system of American video game producer 2K has been infiltrated by hackers, who are now sending support tickets to players, concealed with RedLine password-stealing malware.
2K is the publisher of notable video game series such as NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, Bioshock, Civilization, and Xcom.
The online support ticketing system, 2ksupport.zendesk.com, has started notifying 2K customers through email that a ticket has been filed. While the users verified that these tickets were produced, several receivers on Twitter and Reddit asserted that they were not the ones who opened the tickets.
A response to their ticket was sent to the players shortly after the tickets were opened, purportedly from a 2K support person going by the name _"Prince K."_
'2K Launcher.zip,' feigning to be a new game launcher, was attached to this email and housed on 2ksupport.zendesk.com.
_"Thank you for contacting 2K Support. The latest 2K games launcher is available for download below"_ review the customer support tickets received to 2K.

*2K support tickets deployed with RedLine stealer attached*
If you look at the file characteristics of the 107 MB application titled _"2K Launcher.exe"_ within the ZIP you downloaded, you can see that it is not a legit copy of 2K.
The file, for example, is not digitally signed by the firm and bears the name 'Plumy' and the file description '5K Player.'

*Malware properties of 2K Launcher.exe*
This application is the data-stealing malware RedLine, according to VirusTotal and Any.Run.
RedLine Stealer is malware that tries to steal a range of information, including browser history, browser cookies, stored browser passwords, credit cards, VPN passwords, instant message content, system information, and cryptocurrency wallets.
One of the most pervasive malware, it is currently used in phishing, YouTube videos, and assaults using bogus game cracks and cheats. It is marketed on dark web marketplaces and hacking forums.
As shown below, Secure Blink's analysis of the 2K Launcher.exe reveals that the malware targets many directories, including FileZilla, Discord, Steam, and web browsers.

*RedLine stealer targeting to steal data*
If you have downloaded and run the false 2K Launcher on a Windows device, this should immediately be checked with anti-virus software and eliminate any possible threats.
In addition, it is highly advised to change passwords on any frequently visited websites to something unique and robust.
Currently, 2K's support system appears to be unavailable, with users unable to access their tickets using their login credentials.
A threat actor also revealed over the weekend that they had accessed Rockstar Games and began releasing unpublished Grand Theft Auto VI gameplay footage and source code files for both GTA V and GTA VI.
Rockstar Games and 2K are both subsidiaries of Take-Two Interactive, one of the major video game companies in North America and Western Europe.
There is no proof that the attack on 2K's support system is connected to the one on Rockstar Games, but the coincidence seems alarming.

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.