Endgame Gear Hit by Supply Chain Attack: Malware in Mouse Tool

Peripheral device manufacturer Endgame Gear has acknowledged falling victim to a supply chain compromise in which unknown cybercriminals infiltrated its web platform and substituted an authentic setup utility with a weaponized variant harboring malicious code.

According to a statement published on the corporation’s official site, attackers successfully swapped out the legitimate Configuration Tool designed for the Endgame Gear OP1w 4k v2 cordless mouse on June 26, 2025. This corrupted software was distributed directly through the device’s dedicated webpage rather than standard download channels.

The compromised application persisted on their platform for nearly two weeks before being discovered and eliminated on July 9th.


The malicious software in question functions as an information thief, so it’s strongly recommended that users update their passwords, especially for sensitive platforms like banking, corporate systems, email accounts, and social media profiles.

While the company has remained silent on the specifics of the breach—such as the identity of the attackers or the method they used—it emphasized that the infected version was limited to the download link on the product page for one particular device. In contrast, the files available via the main downloads section, GitHub, and Discord were unaffected and remain safe.

Other devices and their respective software were not targeted in the attack.

Endgame acknowledged that it became aware of the compromise only after users began discussing it online, highlighting that it was the broader community that first noticed something was wrong.

Subsequent investigation confirmed that internal file servers were not breached and that no customer data had been exposed during the incident.

To strengthen its defenses and avoid similar breaches in the future, Endgame is eliminating download options tied to individual product pages. Instead, all downloads will be consolidated and offered exclusively through the company’s main download hub.

Additional steps are being taken as well, including more rigorous malware scanning and enhanced security protocols on the company’s servers.

Anyone who may have downloaded the infected file is urged to delete it immediately. It’s also advisable to inspect the system for a hidden directory located at C:\ProgramData\Synaptics, which may indicate the presence of the malware.

Users should perform a comprehensive antivirus scan and then reinstall a verified, clean version of the software.
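
A check for the hidden directory mentioned above, written as an added example that is not from Endgame Gear or the original article: it reports whether C:\ProgramData\Synaptics exists, whether it carries the hidden attribute, and the SHA-256 hash and signature status of each file inside, for lookup in an antivirus or threat-intelligence service. The function name `Get-IocDirectoryReport` and the use of June 26, 2025 as a cutoff date are assumptions made for this example.

```powershell
# Added example: triage of the directory named in the advisory.
$IocPath  = 'C:\ProgramData\Synaptics'   # path given in the article
$SwapDate = [datetime]'2025-06-26'       # date the tool was replaced, per the article

function Get-IocDirectoryReport {
    param([string]$Path = $IocPath)

    # -Force is needed because the directory is described as hidden.
    $dir = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $dir) { return $null }

    # Hash and signature status for every file, including hidden ones.
    $files = @(Get-ChildItem -LiteralPath $Path -Force -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File      = $_.FullName
                Modified  = $_.LastWriteTime
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        })

    [pscustomobject]@{
        Path             = $dir.FullName
        Hidden           = [bool]($dir.Attributes -band [IO.FileAttributes]::Hidden)
        Created          = $dir.CreationTime
        # A directory created before the swap cannot come from this incident,
        # unless its timestamps were altered.
        CreatedAfterSwap = ($dir.CreationTime -ge $SwapDate)
        Files            = $files
    }
}

$report = Get-IocDirectoryReport
if ($null -eq $report) {
    Write-Output "Not found: $IocPath"
} else {
    $report | Select-Object Path, Hidden, Created, CreatedAfterSwap | Format-List
    $report.Files | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell prompt so that access restrictions do not hide files. A "Not found" result does not replace the full antivirus scan recommended above.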

Tech Insider (NewForTech Editorial Team)
Tech Insider is NewForTech’s in-house editorial team focusing on tech news, security, AI, opinions and technology trends
