Video game publisher 2K pointed it out your customer support system has been hacked by a third party involved in sending fake emails to spread the RedLine malware. The goal of the malicious actor was to steal data that could be accumulated through various applications and services.

For those of you who are lost, 2K is the publisher of a number of well-known game franchises, including NBA 2K, BioShock, Civilization, XCOM, Borderlands, WWE 2K and PGA Tour 2K. Users started receiving emails on September 20th that they had opened a ticket with ‘2ksupport[punto]zendesk[punto]com’, 2K’s online support system.

The thing was detected by users when they verified that the tickets came from the 2K online support system but never opened them. Those who bit received another email with a response to the ticket from an alleged representative of the company nicknamed “Prince K”. This last email contained a link originating from the support website to a downloadable file called “2K Launcher.zip” masquerading as a new game launcher.

Source: BleepingComputer

ZIP file to continue the lie, contained inside an executable named “2K Launcher.exe”. At BleepingComputer, they verified through the properties that the executable was not from 2K because its original name was “Plumy.exe” and it only had “5K Player” in the description. However, I’m sure more than one reckless person fell into the trap of thinking that this was some kind of help offered ex officio by 2K.

VirusTotal and Any.Run confirmed this executable is actually the RedLine malware, which attempts to steal a large amount of data it owns, including some that can seriously endanger users. It is one of the most widespread malware among those sold through the dark web and hacker forums, and is currently spread through YouTube videos, phishing attacks, fake cheats, and cracks, among others.

At BleepingComputer, they not only verified the origin of the malicious file by looking at its properties, but also analyzed it to find that the RedLine version had spread through 2K support targets. Steam, Discord, web browsers and FileZilla FTP client.

In case you have fallen into the trap, it is recommended to perform the process of scanning your computer with an anti-malware solution as soon as possible, delete and uninstall the malicious program and change all passwords used through the mentioned applications.