American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links.

“Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers,” 2K’s support account tweeted on Tuesday after reporters broke the story on the security breach. “The unauthorized party sent a communication to certain players containing a malicious link. Please do not open any emails or click on any links that you receive from the 2K Games support account.”

The company said it would issue a notice to let players know when it will be safe to start interacting with its support staff again. “We will issue a notice when you can resume interacting with official 2K help desk emails, and we will also follow up with additional information as to how you can best protect yourself against any malicious activity,” 2K said.
At the beginning of the incident, 2K customers started receiving emails saying they had opened support tickets on 2ksupport.zendesk[.]com, 2K’s online support ticketing system. While the users confirmed these tickets were accessible via 2K’s help desk portal, numerous recipients stated on Twitter and Reddit that they were not the ones who had opened them.

Soon after the tickets were opened, the recipients also received another email, sent in reply to the original ticket, from an alleged 2K support representative named ‘Prince K’. These emails included links to download a file named ‘2K Launcher.zip’ from 2ksupport.zendesk.com. As reporters found, the archive contained an executable that is the RedLine information-stealing malware, according to VirusTotal and Any.Run scans.

RedLine Stealer is an info-stealer that threat actors use to harvest a wide range of data from an infected system, including web browser history, cookies, saved browser passwords, credit cards, VPN credentials, instant messaging content, cryptocurrency wallets, and more.

2K has yet to provide any information on this, and it is unclear whether the attack on its support system is linked to the Rockstar Games hack over the weekend, but the timing is suspicious. Both companies are subsidiaries of Take-Two Interactive, one of the largest video game publishers across the Americas and Europe. The threat actor behind the Rockstar Games breach has also claimed the recent Uber hack, which is believed to have been orchestrated by a hacker affiliated with the Lapsus$ extortion group.

2K is the publisher behind numerous popular game franchises, including NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, BioShock, Civilization, and XCOM.