The official website of gaming mouse maker Endgame Gear recently hosted a malware-infected configuration tool, and it stayed live for over two weeks before anyone noticed.
From June 26 to July 9, users downloading the setup tool for the OP1w 4K V2 mouse were unknowingly installing the XRed remote access trojan (RAT). The compromised version was distributed through Endgame Gear’s own download page, adding a worrying twist: the malware came from a trusted source.
How the Compromise Was Found
The issue first came to light when a Reddit user reported suspicious behavior after installing the config tool. A sandbox analysis confirmed that the installer had been tampered with. Instead of configuring mouse settings, the tool deployed a RAT disguised as “Synaptics.exe”, a file often associated with legitimate drivers.
Here’s What to Look For
If you installed the tool between June 26 and July 9, you might be infected. To check:
- Navigate to C:\ProgramData\Synaptics
- If you find Synaptics.exe, that’s likely the malware
- Some infected users also reported the executable name listed as “Synaptics Pointing Device Driver” rather than the legitimate tool name
- Microsoft Defender and other antivirus tools have started flagging it. If you haven’t scanned your PC yet, now’s the time
What Endgame Gear Says
Endgame Gear confirmed the incident, stating only the OP1w 4K V2 tool was affected. The company claims the breach was limited to the product download page and that no customer data or other tools were impacted.
They’ve since:
- Removed the infected file
- Uploaded a clean version on a consolidated download page
- Begun publishing SHA hashes for integrity checks
- Promised to start digitally signing future releases
Still, the infected installer remained available until July 17, days after discovery.
Community Reactions
While Endgame Gear’s response has been mostly transparent, some in the cybersecurity community have criticized the delay in public disclosure and the lack of proactive notification to affected users.
One Redditor summed it up bluntly:
“It’s wild that an official mouse config tool can ship malware for weeks and users only find out by accident.”
Final Thoughts
If you downloaded the Endgame Gear OP1w 4K V2 configuration tool in early July, act now. Delete the tool, search for signs of infection, and run a full antivirus scan. Even if you’ve removed it, consider monitoring your system for unusual activity: XRed is a stealthy RAT that can persist.
This incident serves as a stark reminder: even trusted brands can become distribution channels for malware. Verification tools like digital signatures and hash checks aren’t just optional; they’re essential.
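The check under "Here’s What to Look For" and the hash and signature verification recommended above can be run together from PowerShell. This is an added example, not a tool from Endgame Gear or the original article. The parameter names are hypothetical, the published hash is something you copy from the vendor's download page yourself, and SHA-256 is an assumed default because the article only says "SHA hashes".

```powershell
# Added example: triage for the indicators named in this article.
# Assumptions: default %ProgramData% location; the three parameters below are
# hypothetical names, and SHA256 is an assumed default algorithm.
param(
    [string]$InstallerPath,        # optional: a config-tool download you still have
    [string]$PublishedHash,        # optional: hash copied from the vendor's download page
    [ValidateSet('SHA1', 'SHA256', 'SHA384', 'SHA512')]
    [string]$Algorithm = 'SHA256'
)

# 1. Look for the folder and executable the article describes.
$dir = Join-Path $env:ProgramData 'Synaptics'
$findings = @()
if (Test-Path -LiteralPath $dir) {
    # -Force also lists hidden and system files.
    Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Path        = $_.FullName
                Description = $_.VersionInfo.FileDescription   # article: "Synaptics Pointing Device Driver"
                Created     = $_.CreationTime                  # compare with the June 26 - July 9 window
                Signature   = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
                Hash        = (Get-FileHash -LiteralPath $_.FullName -Algorithm $Algorithm).Hash
            }
        }
}

if ($findings.Count -gt 0) {
    Write-Warning "Executables found in $dir. Treat them as suspect until a full scan says otherwise."
    $findings | Format-List
} else {
    Write-Output "No executables found in $dir."
}

# 2. Verify a downloaded installer against the vendor's published hash.
if ($InstallerPath -and $PublishedHash) {
    $actual = (Get-FileHash -LiteralPath $InstallerPath -Algorithm $Algorithm).Hash
    if ($actual -eq $PublishedHash.Trim()) {       # -eq ignores case for strings
        Write-Output "Hash matches the published value."
    } else {
        Write-Warning "Hash mismatch, do not run this file. Computed: $actual"
    }
    # Signature status is reported separately; a matching hash does not imply a valid signature.
    Get-AuthenticodeSignature -LiteralPath $InstallerPath | Format-List Status, StatusMessage
}
```

A clean result from the first step only means the file named in the article is absent; it does not replace the full antivirus scan.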