Malware found in Endgame's mouse config utility

Alfonso Maruccia

Editor's take: Users often trust technology companies to always do the "right thing," assuming that downloading utilities and configuration tools from official sources is safe. However, that trust isn't foolproof, and some tech companies may not even warn you if something goes wrong.

Endgame Gear recently distributed a malicious software package bundled with the official configuration tool for its OP1w 4K V2 wireless gaming mouse. Customers discovered the issue the hard way, while the company quietly replaced the infected package without admitting any wrongdoing. Now, the user who first encountered the malware is accusing Endgame of violating GDPR regulations and is calling for an official investigation.

The troubling "security alert" first surfaced on Endgame Gear's official subreddit. A Reddit user reported that he had downloaded the OP1w 4K V2 configuration tool on July 2, directly from the company's official website. After running the tool, he noticed suspicious behavior and soon discovered that the executable had been "trojanized" with XRed malware.

Symantec warns that XRed is a backdoor trojan with advanced capabilities, including the ability to collect system information and transmit it to a remote server via SMTP. Additionally, the malware uses hidden folders and Windows Registry modifications to persist after shutdown and can even propagate via USB storage devices, behaving like a worm.

The unlucky Endgame customer was able to uncover a hidden folder at C:\ProgramData\Synaptics\, where the infected Synaptics.exe file was stored. The user also discovered that the vendor changed the download path for its software tool sometime between July 2 and July 17, with the earlier version containing the XRed malware.
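The article names concrete indicators a defender can look for: the hidden C:\ProgramData\Synaptics\ folder, the Synaptics.exe file inside it, Registry-based persistence, and spread via USB storage. The following PowerShell triage script is an added example, not Endgame Gear's own removal instructions (which the article does not reproduce). It assumes the persistence lives in the common Run keys, since the article only says "Windows Registry modifications" without naming them, and it takes an optional list of known-bad SHA256 hashes because the article publishes none.

```powershell
# Added triage script (not Endgame Gear's official instructions).
# Checks a Windows host for the indicators the article names: a hidden
# C:\ProgramData\Synaptics\ folder holding Synaptics.exe, autostart Registry
# entries pointing at it, a running process from that folder, and copies on
# removable drives. Run as an elevated PowerShell session for full coverage.
param(
    # Optional SHA256 hashes from a trusted advisory. Empty here because the
    # article gives none; do not treat a non-match as proof of a clean file.
    [string[]]$KnownBadSha256 = @()
)

$findings = New-Object System.Collections.Generic.List[string]
$dropPath = Join-Path $env:ProgramData 'Synaptics'
$exePath  = Join-Path $dropPath 'Synaptics.exe'

# 1. Hidden drop folder and the executable inside it
if (Test-Path -LiteralPath $dropPath) {
    $dir    = Get-Item -LiteralPath $dropPath -Force
    $hidden = ($dir.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
    $findings.Add("Folder present: $dropPath (hidden=$hidden)")

    if (Test-Path -LiteralPath $exePath) {
        $file = Get-Item -LiteralPath $exePath -Force
        $sha  = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
        $sig  = Get-AuthenticodeSignature -LiteralPath $exePath
        $findings.Add("Executable present: $exePath size=$($file.Length) sha256=$sha signature=$($sig.Status)")
        if ($KnownBadSha256 -contains $sha) {
            $findings.Add("HASH MATCH against the supplied known-bad list")
        }
    }
}

# 2. Autostart Registry values referencing Synaptics.exe
#    (the usual Run keys; an assumption, the article does not name the keys)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell metadata properties
        if ("$($p.Value)" -match 'Synaptics\.exe') {
            $findings.Add("Autostart entry: $key\$($p.Name) = $($p.Value)")
        }
    }
}

# 3. Running processes launched from the drop folder
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -like "$dropPath\*" } |
    ForEach-Object { $findings.Add("Running process: PID $($_.Id) $($_.Path)") }

# 4. Copies on removable drives (the article says XRed spreads via USB storage)
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $candidate = Join-Path $_.DeviceID 'Synaptics.exe'
    if (Test-Path -LiteralPath $candidate) {
        $findings.Add("Removable drive copy: $candidate")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No XRed indicators from the article found on this host.'
} else {
    Write-Output 'Indicators found (review before acting; genuine Synaptics touchpad software also uses this name):'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

The signature status is reported rather than used as a verdict on purpose: Synaptics is a real touchpad vendor whose signed software ships on many laptops, so a folder of that name is only suspicious when it is hidden, unsigned, or matches a hash from a trusted advisory. Anything flagged should be preserved for the vendor's investigation before it is deleted.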

The backdoor "came from their official CDN, not a third-party mirror. This is either a supply chain compromise, a CDN-level breach, or dangerously negligent file management," the affected customer speculated. We have indeed seen mice catching fire and malware hiding within DNS records before, so we can easily assume that something wrong, and likely unexpected, is going on here.

The affected user explained that the XRed backdoor exposes victims to remote access and data theft, potentially qualifying this incident as a violation of the EU's GDPR regulations. Under European law, companies are required to promptly disclose security incidents that impact user privacy. However, Endgame reportedly replaced the infected file with a clean version without issuing any public warning.

"Since I was directly affected by the infection, I'm currently gathering evidence and preparing to submit a formal report to the Information Commissioner's Office in the UK," the user said.

Endgame Gear has since released an official statement regarding the security incident. The company confirmed that the OP1w 4K V2 configuration tool was indeed infected and that the compromised package has since been removed. According to Endgame, the issue was isolated to that specific download – other official downloads were thoroughly checked and found to be malware-free.

An investigation is underway to determine how the malware infiltrated its servers. In the meantime, Endgame has provided users with detailed instructions on how to check whether their systems were affected and how to remove the unexpected digital pest lurking on their machines.
