It seems that Endgame Gear has been offering a configuration utility for one of its gaming mice which was infected by malware - though the corrupted tool has since been taken down and replaced with a clean executable.
This issue was first reported on Reddit, as Igor's Lab highlighted (via PC Gamer), with the compromised tool - for the OP1w 4K V2 mouse - being located on the official Endgame Gear CDN (and not a third-party mirror).
The Redditor who first stumbled on the malware (Admirable-Raccoon597) observed that after installing the app, they noticed suspicious behavior, and following further analysis, they confirmed a malware infection.
The malware is Xred, which is a remote access trojan (RAT) that allows an attacker to compromise the host PC with the usual variety of nasty possibilities therein.
According to Igor's Lab, the tool was carrying the payload of this trojan for at least two weeks - although Endgame Gear has now dumped the offending download, as noted, and replaced it with a genuine non-infected version of the utility.
How to check for the malware infection
If you've downloaded the tool in question and you're now panicking - understandably enough - there's an easy way to check if you've been infected.
You need to find the ProgramData folder on your C: (or root) drive - note that this is hidden by default (so enable viewing hidden folders in File Explorer) - and look in the Synaptics folder inside. If Synaptics.exe is present there, then you've been hit by the Xred malware - so take appropriate action with a good antivirus.
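The same check can be scripted in PowerShell. This is an added example, not code from Endgame Gear, Igor's Lab or the Reddit thread: the file path is the one given above, while the function name Test-XredIndicator and the extra triage fields (hash, signature, running processes) are this example's own choices.

```powershell
# Added example: looks for the Xred indicator described in the article.
# Only the path comes from the article; the rest is generic triage detail.
function Test-XredIndicator {
    [CmdletBinding()]
    param(
        # Resolves ProgramData on whichever drive Windows is installed.
        [string]$ProgramDataRoot = $env:ProgramData
    )

    $target = Join-Path $ProgramDataRoot 'Synaptics\Synaptics.exe'

    # -Force is needed because ProgramData (and possibly the file) is hidden.
    $file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
    if (-not $file) {
        return [pscustomobject]@{ Path = $target; Present = $false }
    }

    # Hash and signature give an AV vendor or responder something to look up.
    $hash = Get-FileHash -LiteralPath $target -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $target

    # Processes running from that exact path. Run elevated for a complete
    # view: ExecutablePath can be empty for other users' processes.
    $procs = @(Get-CimInstance Win32_Process |
        Where-Object { $_.ExecutablePath -eq $file.FullName })

    [pscustomobject]@{
        Path        = $file.FullName
        Present     = $true
        Created     = $file.CreationTime
        SHA256      = $hash.Hash
        Signature   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        RunningPids = @($procs | ForEach-Object { $_.ProcessId })
    }
}

$result = Test-XredIndicator
$result | Format-List
if ($result.Present) {
    Write-Warning 'Synaptics.exe found under ProgramData: run a full antivirus scan.'
}
```

The Created timestamp can be compared with the date the configuration tool was installed, and the SHA256 value is what an antivirus vendor or support contact will ask for.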
Of course, a decent antivirus should catch this malware when it shows up on the PC, anyway. As another Redditor notes in the same thread, they were a victim too, but the trojan was picked up by Microsoft Defender, the default AV in Windows (and Google's Chrome browser also flagged the malware).
Going by the reports out there, it's likely that only a small number of gamers were exposed - and only those with wonky security (no decent AV and likely an outdated operating system) would have been affected.
Despite this, there's quite a lot of ill feeling on Reddit towards the gaming mouse maker at this point, and frustrations are being aired not because of the infection itself - although that's obviously problematic - but the failure to disclose and notify customers properly.
As Igor's Lab reports, apparently the only statement made by Endgame Gear regarding the matter was on Discord, saying that the tool had been 're-uploaded' but not even mentioning why, or the presence of any malware.
Maybe we will get an official statement of some kind now that this affair is grabbing more of the limelight in terms of media coverage.




