Endgame Gear Mouse Tool Spreads Malware to Users

Summary
– Endgame Gear’s OP1w 4k v2 mouse configuration tool hosted on its official website contained malware between June 26 and July 9, 2025, affecting users who downloaded it during this period.
– The compromised file was larger (2.8MB vs. 2.3MB) and falsely listed as “Synaptics Pointing Device Driver” instead of the legitimate tool.
– The malware, identified as the XRed backdoor, has keylogging, remote shell, and data exfiltration capabilities; affected users are advised to delete infected files and run antivirus scans.
– Endgame Gear confirmed the malware has been removed, and clean versions are available via its main downloads page, GitHub, or Discord.
– The company will implement SHA hash verification and digital signing for future downloads to ensure file integrity and authenticity.
Gaming hardware manufacturer Endgame Gear has issued an urgent warning after discovering malware embedded in its official mouse configuration tool. The compromised software affected users who downloaded the OP1w 4k v2 wireless mouse configuration tool directly from the company’s website between June 26 and July 9, 2025.
The malicious file, hosted on the product page for the OP1w 4k v2, was disguised as the legitimate configuration tool but contained hidden malware. Endgame Gear, a Germany-based company specializing in high-performance gaming peripherals, confirmed the breach but has yet to disclose how the infection occurred. The firm is known for its lightweight gaming mice, particularly the XM and OP1 series, which have gained popularity among professional gamers.
According to the company’s statement, the infected file, labeled “Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe”, has since been removed. Users who downloaded the tool from alternative sources, including the main downloads page, GitHub, or Discord, were not affected, as those versions remained clean.
Concerns about the malware first emerged on Reddit, where users noticed suspicious discrepancies in the installer. The compromised file was significantly larger (2.8MB compared to the legitimate 2.3MB version) and falsely identified itself as a “Synaptics Pointing Device Driver” in its properties, a clear red flag.
Security researchers analyzing the malware identified it as XRed, a backdoor capable of keylogging, remote system access, and data theft. This malware has previously been linked to fake Synaptics drivers distributed through compromised USB-C hubs sold on Amazon. Endgame Gear is still investigating the full extent of the payload but advises affected users to take immediate action.
To mitigate risks, the company recommends deleting all files from “C:\ProgramData\Synaptics” and reinstalling the configuration tool from a verified source. Additionally, users should perform a full system scan with updated antivirus software and change passwords for critical accounts, including banking, email, and work-related services.
Moving forward, Endgame Gear plans to enhance security by consolidating downloads under a single verified page and implementing SHA hash verification and digital signing for all hosted files. These measures aim to prevent future tampering and ensure users download authentic, malware-free software.
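The checks described above (file size, the "Synaptics" file description, the leftover folder, and hash and signature verification) can be combined into one triage function. This is an added example, not code from Endgame Gear or the original report; the function name `Test-ConfigToolDownload` is hypothetical and the expected hash is a placeholder, since the article publishes none.

```powershell
# Added example: triage a downloaded configuration-tool installer using the
# indicators reported in the article. Function name is hypothetical.
function Test-ConfigToolDownload {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: SHA-256 published by the vendor; the article gives none.
        [string]$ExpectedSha256 = '<VENDOR_PUBLISHED_SHA256>'
    )
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $desc = $file.VersionInfo.FileDescription
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    $findings = @()
    # The trojanized build identified itself as a Synaptics driver.
    if ($desc -like '*Synaptics*') {
        $findings += "File description is '$desc', not the configuration tool"
    }
    # Signing is a planned measure, so a non-Valid status is informational
    # until the vendor ships signed builds.
    if ($sig.Status -ne 'Valid') {
        $findings += "Authenticode status: $($sig.Status)"
    }
    if ($ExpectedSha256 -notmatch '^[0-9a-fA-F]{64}$') {
        $findings += 'No vendor hash supplied; integrity not verified'
    } elseif ($hash -ne $ExpectedSha256) {
        $findings += "SHA-256 mismatch: got $hash"
    }
    # Folder the vendor tells affected users to clean out.
    if (Test-Path -LiteralPath 'C:\ProgramData\Synaptics') {
        $findings += 'C:\ProgramData\Synaptics exists; review its contents'
    }

    [pscustomobject]@{
        Path            = $file.FullName
        SizeMB          = [math]::Round($file.Length / 1MB, 1)  # article: 2.8 vs 2.3
        FileDescription = $desc
        SignatureStatus = $sig.Status
        Sha256          = $hash
        Findings        = $findings
    }
}

# Usage (file name as given in the article):
# Test-ConfigToolDownload -Path "$env:USERPROFILE\Downloads\Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe"
```

An empty `Findings` list only means none of these specific indicators matched; it does not replace the full antivirus scan the vendor recommends.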
For gamers who rely on high-performance peripherals, this incident serves as a stark reminder to verify downloads from official sources and remain vigilant against potential threats, even from trusted vendors.
(Source: Bleeping Computer)



