Endgame Gear confirms it had malware-compromised mouse software on its official site but promises changes to prevent it happening again

News
By last updated

Packaged for a while with the Endgame Gear OP1w 4K V2 configuration tool.

An Endgame Gear OP1w 4K gaming mouse on a desk.
(Image credit: Future)
Jump to:
Recent updates

23 July, 2025: Endgame Gear has given an official statement on the issue. Hear what the company has to say at the bottom of this article.

Well, this is a first for me: Software for a gaming mouse from the manufacturer's own site had, for a while, been compromised with XRed malware. Igor of Igor's Lab first noticed the reports coming in about the Endgame Gear OP1w 4K V2 configuration tool on the MouseReview subreddit. The reports suggest the tool had what seems to be bona fide malware packaged in with it and the company has now changed the file to a non-infected one.

According to the initial report from Redditor Admirable-Raccoon597, the "trojanised" (infected) file was what users would download from the company's link to the tool from at least July 2, 2025 (which was when they first downloaded it) until July 17, 2025, when it was replaced with the clean version:

"This clearly shows the vendor's download path changed sometime between July 2nd and 17th, and the earlier version was infected. It came from their official CDN, not a third-party mirror."

The same user shared elsewhere that an Endgame Gear official acknowledged the problem and reuploaded the file: "Even more concerning, u/EndgameGear_Max from the EGG team replied in [the Discord thread the user posted in] and acknowledged the issue, saying he just 'reuploaded' the file. That’s it."

Apparently the malware is a remote access trojan (RAT), which can allow an attacker to take control of your computer in some way. The Redditor says the files were submitted to online virus checkers and they were confirmed to be infected with the XRed backdoor, which Broadcom explains has "sophisticated capabilities as it collects system data information that it transmits the data using SMTP to email addresses."

An Endgame Gear OP1w 4K gaming mouse on a desk.

(Image credit: Future)

Broadcom continues: "This backdoor also has notable persistence capabilities by using hidden directories and Registry Run Keys while attempting to remain hidden in trojanized software. It additionally has worm-like propagation via USB drive capabilities."

To know if you're infected, the Redditor who reported the problem says you can enable viewing hidden files and then check in C:\ProgramData\Synaptics. If you see Synaptics.exe there, apparently you're infected.

It's worth noting that another Redditor points out that most users' basic antivirus software built into Chrome and Windows should have caught this: "Defender and Google Chrome caught it at the time. VT had 66/71 AV detections so practically anyone with any AV during that small time window would've caught it as well. I think the margin of people who ran the tool with embedded XRed without getting a warning is extremely small considering the detection rate and time window."

Still, malware can sometimes be a numbers game: Get your file into the wild and hope you nab even just a small percentage of victims.

The fact is, it looks like there was genuine—and really quite malicious—malware hosted on an official Endgame Gear content delivery network (CDN), sitting waiting for PC gamers with the OP1w 4K V2 mouse to download it.

At the time of writing there has been no public statement from Endgame Gear, though we are reaching out for an official comment.

Update from Endgame Gear

Endgame Gear has released an "important security update regarding the OP1w 4k v2 configuration tool." This update mostly confirms what we already knew and suspected.

The company says:

"We are issuing this statement to inform you of an isolated security incident involving a malware-infected version of our Configuration Tool for the OP1w 4k v2 mouse. This compromised file was distributed unnoticed via the OP1w 4k v2 product page on our brand store between June 26th to July 9th on this domain only: www.endgamegear.com/gaming-mice/op1w-4k-v2."

Endgame Gear explains that the file has been removed, and that "all other official sources for our software and firmware" other than the OP1w 4k v2 product page "were not affected and contained clean files. No other v2 products or their configuration tools were impacted."

Furthermore, "access to our file servers was not compromised, and no customer data was accessible or affected on our servers at any time.

"As an immediate response, we thoroughly checked all our hosted software and firmware files for malware, confirming no other files were infected. While our investigation into the exact point of compromise is ongoing, we have already implemented, and continue to implement, several significant security enhancements:

  • "Implementation of additional malware scans for all files both before and after upload to our servers (done)
  • Reinforcing anti-malware protections on our hosting servers (done)
  • Discontinuing product page-specific downloads and centralizing all software downloads to our main Downloads page (ongoing)
  • Adding integrity verification: Providing SHA hashes for all downloads to allow users to verify file integrity (ongoing)
  • Adding digital signatures to all our software files to confirm authenticity (planned to be implemented ASAP)"

It's not great that this happened in the first place, but at least it seems like actual changes are being put into effect to prevent it from happening again.

If you downloaded the file between 26 June and 9 July, it recommends checking to see if you're infected ("Infected files will display 'Synaptics Pointing Device Driver' as the 'Product name', while clean files will display 'Endgame Gear OP1w 4k v2 Configuration Tool'" in the Details tab of the file's Properties window). If you are, it recommends deleting the file, checking for the Synaptics folder we mentioned above and deleting it, and then performing a thorough antivirus scan.

Endgame Gear ends by recommending you download a clean version of the file from its official downloads page, which is now found on the main Downloads page, where all downloads should be as soon as all the downloads are consolidated.

Razer DeathAdder V3 Hyperspeed gaming mouse
Best gaming mouse 2025

👉Check out our full guide👈

1. Best wireless:
Razer DeathAdder V3 HyperSpeed

2. Best wired:
Logitech G502 X

3. Best budget wireless:
Logitech G305 Lightspeed

4. Best budget wired:
Glorious Model O Eternal

5. Best lightweight:
Turtle Beach Burst II Air

6. Best MMO:
Razer Naga Pro

7. Best compact:
Razer Cobra Pro

8. Best ambidextrous:
Logitech G Pro

9. Best ergonomic:
Keychron M5

TOPICS
Jacob Fox
Jacob Fox
Hardware Writer

Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob's led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world's #1 PC Gaming site full-time. It's definitely not an ego thing, he assures us.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.