2K customer support has been compromised

The video game publisher 2K has warned that its customer support system was compromised by a third party, which has been sending fake emails to spread the RedLine malware. The malicious actor's objective was to steal data that could be harvested from different applications and services.

For those unfamiliar with it, 2K is the publisher of a number of well-known gaming franchises, including NBA 2K, BioShock, Civilization, XCOM, Borderlands, WWE 2K, and PGA Tour 2K. Users started receiving emails on September 20 telling them they had opened a ticket on ‘2ksupport[dot]zendesk[dot]com’, 2K’s online support system.

Users noticed the problem when they confirmed that the tickets came from the 2K online support system but that they had never opened them in the first place. Those who took the bait received another email with a response to the ticket from an alleged company representative nicknamed “Prince K”. That last email contained a link originating from the support website and pointing to a downloadable file called “2K Launcher.zip”, which masqueraded as a new game launcher.

Email from 2K support linking to RedLine malware

Source: BleepingComputer

To keep up the deception, the ZIP file contained an executable called “2K Launcher.exe”. BleepingComputer verified from the file's properties that the executable does not come from 2K, since its original name was “Plumy.exe” and its description said only “5K Player”. Even so, more than one careless user has surely fallen into the trap, believing that this was some kind of help offered unprompted by 2K.
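The properties check described above can be scripted when triaging a downloaded file. The following is an added example, not code from BleepingComputer or 2K: it scans a file's bytes for the `OriginalFilename` and `FileDescription` version strings and compares them with the name the file carries on disk. The function names, the heuristic scan (a search for the UTF-16LE key instead of a full resource parse) and the sample bytes are assumptions made for illustration.

```python
import struct

def string_entry(key: str, value: str) -> bytes:
    """Build one version-resource String record (constructed sample data)."""
    k = (key + "\0").encode("utf-16-le")
    v = (value + "\0").encode("utf-16-le")
    pad = b"\0" * (-(6 + len(k)) % 4)        # value starts on a 32-bit boundary
    rec = struct.pack("<HHH", 6 + len(k + pad + v), len(value) + 1, 1) + k + pad + v
    return rec + b"\0" * (-len(rec) % 4)

def version_string(blob: bytes, key: str):
    """Heuristic scan: locate the UTF-16LE key, return the text stored after it."""
    needle = (key + "\0").encode("utf-16-le")
    pos = blob.find(needle)
    if pos < 0:
        return None
    start = pos + len(needle)
    while blob[start:start + 2] == b"\0\0":  # skip alignment padding
        start += 2
    end = start
    while end + 2 <= len(blob) and blob[end:end + 2] != b"\0\0":
        end += 2
    return blob[start:end].decode("utf-16-le", errors="replace")

def identity_findings(name_on_disk: str, blob: bytes, expected_vendor: str):
    """Compare what the file claims to be with what its version strings say."""
    findings = []
    original = version_string(blob, "OriginalFilename")
    description = version_string(blob, "FileDescription")
    if original is None:
        findings.append("no OriginalFilename string found")
    elif original.lower() != name_on_disk.lower():
        findings.append(f"OriginalFilename {original!r} differs from on-disk name {name_on_disk!r}")
    if not description or expected_vendor.lower() not in description.lower():
        findings.append(f"FileDescription {description!r} does not mention {expected_vendor!r}")
    return findings

# Constructed bytes (not a real executable) carrying the strings the article reports.
SAMPLE = b"MZ" + b"\x90" * 30 + string_entry("FileDescription", "5K Player") \
    + string_entry("OriginalFilename", "Plumy.exe")

if __name__ == "__main__":
    for finding in identity_findings("2K Launcher.exe", SAMPLE, "2K"):
        print("SUSPICIOUS:", finding)
```

Version strings are set by whoever built the file, so a mismatch is a red flag, while matching strings prove nothing about where the file came from.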

VirusTotal and Any.Run have confirmed that the executable is actually the RedLine malware, which attempts to steal a large amount of data within its reach, including some that can seriously compromise the user. It is one of the most widespread pieces of malware sold through the dark web and hacking forums, and it is currently being spread through YouTube videos, phishing attacks, and fake cheats and cracks, among other ways.

Services and applications targeted by malware spread through 2K Customer Support

BleepingComputer not only verified the origin of the malicious file by looking at its properties, but also analyzed it and found that the version of RedLine spread through 2K support targets Steam, Discord, web browsers, and the FileZilla FTP client.

If you have fallen into the trap, it is recommended that you scan the computer with an antimalware solution, delete and uninstall the malicious program, and change all the passwords used through the mentioned applications as soon as possible.