Thursday, September 22, 2022

2K Games Discloses Startling Security Breach, Tells Gamers Not To Open Support Emails


2K, the publisher of numerous video game series, including Borderlands, Civilization, and Bioshock, has issued a notice to warn customers that an unknown actor recently gained unauthorized access to its help desk platform. The threat actor in question abused this access to distribute malware by way of the 2K Games support email address. The publisher's notice emphatically states, "Please don't open any emails or click on any links that you receive from the 2K Games support account." For those who may have clicked on a malicious link sent by the 2K Games support email address, we offer some recommended actions down below.

This security breach comes on the heels of a data breach at Rockstar Games, the developer of the Grand Theft Auto (GTA) franchise. Both Rockstar Games and 2K are owned by Take-Two Interactive, which makes us wonder whether the 2K security breach is related to the Rockstar Games breach. For those unfamiliar with the latter, an unknown actor recently stole GTA 6 gameplay footage from Rockstar Games and published it on the public forums for the franchise. The hacker also claims to have stolen source code for both GTA 5 and 6. While the actor behind this data breach is currently unknown, he claims to be the same actor behind the recent Uber security breach, who Uber believes to be associated with the LAPSUS$ hacking group.

[Image: 2K support ticket emails distributing RedLine stealer malware (source: Reddit user TronFan)]

Now, not even a week after the Rockstar Games breach, a threat actor accessed the 2K help desk and used it to send out phishing emails. Usually phishing emails are sent from an email address at a domain name that looks similar to that of a legitimate company or website to trick users into believing the email was sent by a legitimate source. However, threat actors don't need to bother with this technique if they can send emails directly from the email address of a legitimate company.

The emails sent by the threat actor using the support@2k.com email address provide updates on the status of a fake support ticket. An initial email informs recipients that the support request is under review. A second email then directs recipients to download a file presented as a new 2K Games launcher application. The file, named 2K+Launcher.zip, installs the RedLine stealer malware, which swipes all kinds of personal information from infected computers, including system information, browser history, cookies, credit card information, cryptocurrency wallet information, and login credentials saved in web browsers.

[Image: VirusTotal showing 2K+Launcher.zip as malicious]

Anyone who recently opened an email from 2K Games support and downloaded a file can take a number of steps to check for malware and secure their accounts. The simplest check users can perform is to visit the VirusTotal website and upload any files they may have downloaded from a link displayed in a 2K Games support email. VirusTotal can scan the file using over 70 different antivirus scanners to check for a malicious payload.

Users can also check their systems for the presence of malware with an antivirus scanner like Malwarebytes. Malwarebytes offers a free application for both Windows and Mac that's easy to install, use to run a full scan, then uninstall.

[Image: Chromium (Chrome/Brave) saved password settings]

Users should also check their browsers to see whether there are any saved passwords, addresses, or credit card credentials, as the RedLine stealer malware can read and exfiltrate this information. Users can check for saved passwords in Chromium-based browsers, such as Chrome and Brave, by entering chrome://settings/passwords into the address bar. Users can do the same in Firefox-based browsers by entering about:logins. Users can also check for saved credit card information and addresses by visiting chrome://settings/autofill in Chromium-based browsers and Settings > Privacy & Security > Forms and Autofill > Saved Addresses/Saved Credit Cards in Firefox-based browsers.

Users who recently received emails from 2K Games support may want to set up multi-factor authentication (MFA) and change the login credentials for any services for which login credentials are saved in the users' browsers. These same users may also want to freeze their credit if credit card information is saved in their browsers. Finally, users should check their email accounts and clients to make sure that there aren't any new rules forwarding their email to unfamiliar email accounts. Check with your email provider for the exact process to accomplish this.
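
An added example (not from the original article) for the credential-change step above: it lists which sites and usernames are saved in a copy of a Chromium profile's `Login Data` SQLite file, so you know which passwords to change. The `logins` table and its `signon_realm`, `username_value` and `blacklisted_by_user` columns are assumed from Chromium's schema, and the sample database is constructed.

```python
import sqlite3
import tempfile
from collections import defaultdict
from contextlib import closing
from pathlib import Path

# Constructed sample rows: (signon_realm, username_value, password_value, blacklisted_by_user)
SAMPLE_ROWS = [
    ("https://mail.example.com/", "alice@example.com", b"\x00", 0),
    ("https://shop.example.net/", "alice", b"\x00", 0),
    ("https://shop.example.net/", "alice-work", b"\x00", 0),
    ("https://bank.example.org/", "", b"", 1),  # "never save" entry, no credential
]


def rotation_checklist(login_db_copy):
    """Map each site with a saved login to its usernames (passwords are never read)."""
    uri = Path(login_db_copy).resolve().as_uri() + "?mode=ro"  # open read-only
    with closing(sqlite3.connect(uri, uri=True)) as conn:
        rows = conn.execute(
            "SELECT signon_realm, username_value FROM logins "
            "WHERE blacklisted_by_user = 0"  # skip "never save" entries
        ).fetchall()
    sites = defaultdict(set)
    for realm, user in rows:
        sites[realm].add(user or "(no username saved)")
    return {realm: sorted(users) for realm, users in sorted(sites.items())}


def build_sample_db(path):
    """Create a constructed database holding only the columns queried above."""
    with closing(sqlite3.connect(path)) as conn:
        conn.execute(
            "CREATE TABLE logins (signon_realm TEXT, username_value TEXT, "
            "password_value BLOB, blacklisted_by_user INTEGER)"
        )
        conn.executemany("INSERT INTO logins VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
        conn.commit()


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        db = Path(tmp) / "LoginData.copy"
        build_sample_db(db)
        return rotation_checklist(db)


if __name__ == "__main__":
    for site, users in demo().items():
        print(f"{site}: change password for {', '.join(users)}")
```

Run it against a copy of the file made while the browser is closed, since the browser keeps the live database locked.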

The 2K notice informing customers of the security breach tells customers that the publisher will "issue a notice when you can resume interacting with official 2K help desk emails," so watch the 2K Support Twitter account for another notice before interacting with 2K support over email any further.

Top image courtesy of Dominik Deobald


