Gaming peripheral manufacturer Endgame Gear has disclosed a significant security incident involving malware-infected software distributed directly from its official website. The company issued an urgent security advisory after discovering that the configuration tool for its OP1w 4k v2 mouse was compromised.
This breach specifically affected users who downloaded the software from the product’s dedicated page between June 26 and July 9, 2025, inadvertently installing malicious code onto their systems along with the legitimate mouse configuration utility. Endgame Gear responded swiftly, taking immediate action to mitigate the threat and launch a thorough investigation into the source of the compromise.
The company has emphasized that the security incident was highly targeted and isolated. The breach was confined solely to the download link on the OP1w 4k v2 wireless mouse product page. All other official distribution channels, including the main downloads page on endgamegear.com, the company’s GitHub repository, and their official Discord channel, were confirmed to be secure and contained only clean, unaffected files throughout the incident period. Furthermore, no other Endgame Gear products or their corresponding software tools were impacted by this security lapse.
Users can identify whether they have the malicious version by checking the file’s properties. The legitimate, clean software measures approximately 2.3MB when unzipped, whereas the malware-infected version is noticeably larger at around 2.8MB. Another clear indicator is the file’s metadata; the infected file incorrectly displays “Synaptics Pointing Device Driver” as the product name in Windows file properties, a stark contrast to the correct designation, “Endgame Gear OP1w 4k v2 Configuration Tool.”
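The two indicators above can be checked across a folder in one pass. The following PowerShell script is an added example, not code from Endgame Gear or its advisory; the default search path, the 0.15 MB size tolerance, and the reading that the quoted sizes apply to the extracted executable are assumptions.

```powershell
# Added example: compares executables against the two indicators in the article
# (product name in the file's version metadata, and approximate file size).
# Assumptions: default path, size tolerance, and that the sizes describe the
# extracted .exe are illustrative choices, not taken from the advisory.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
    [double]$ToleranceMB = 0.15
)

$InfectedName = 'Synaptics Pointing Device Driver'
$CleanName    = 'Endgame Gear OP1w 4k v2 Configuration Tool'
$InfectedMB   = 2.8
$CleanMB      = 2.3

Get-ChildItem -Path $Path -Filter '*.exe' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Same metadata that Explorer shows under Properties > Details
        $info   = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($_.FullName)
        $name   = if ($info.ProductName) { $info.ProductName.Trim() } else { '' }
        $sizeMB = [math]::Round($_.Length / 1MB, 2)

        $nearInfected = [math]::Abs($sizeMB - $InfectedMB) -le $ToleranceMB
        $nearClean    = [math]::Abs($sizeMB - $CleanMB) -le $ToleranceMB

        $verdict = if ($name -eq $InfectedName -and $nearInfected) {
            'MATCH: product name and size both fit the infected build'
        } elseif ($name -eq $InfectedName) {
            'REVIEW: product name fits the infected build, size does not'
        } elseif ($name -eq $CleanName -and $nearClean) {
            'OK: product name and size fit the clean build'
        } elseif ($name -eq $CleanName) {
            'REVIEW: clean product name but unexpected size'
        } else { $null }   # unrelated executable, not reported

        if ($verdict) {
            [pscustomobject]@{
                File        = $_.FullName
                ProductName = $name
                SizeMB      = $sizeMB
                # Hash is recorded for later comparison; no reference hash is given in the article
                SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Verdict     = $verdict
            }
        }
    } | Format-List
```

A genuine Synaptics driver carries the same product name, so a name-only hit is reported as REVIEW rather than MATCH.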
Endgame Gear became aware of the issue through online discussions among its user community, prompting an immediate response.
Upon discovery, the compromised file was promptly removed from the website, and a comprehensive internal investigation was initiated. The company has since confirmed that its file servers were not directly breached and that no customer data was accessed or exfiltrated during the incident, as the attack was focused on compromising a single downloadable file rather than the server infrastructure itself.
In the wake of the breach, Endgame Gear has reinforced its security protocols to prevent future occurrences. The company has already implemented several key enhancements, including more rigorous malware scanning procedures for all files both before and after they are uploaded to company servers. Additionally, the hosting infrastructure has been bolstered with reinforced anti-malware protections, ensuring a more secure environment for all future software distributions and protecting customers from similar threats.