Endgame Gear warns of malware in its mouse configuration tool

 


Endgame Gear, a German manufacturer of high-performance gaming peripherals, has issued a security alert after discovering that a version of its configuration tool for the OP1w 4k v2 wireless mouse was compromised with malware and distributed via its official website.

According to the company, the infected executable file (Endgame_Gear_OP1w_4k_v2_Configuration_Tool_v1_00.exe) was available for download on the product page of the OP1w 4k v2 mouse between June 26 and July 9, 2025. Users who downloaded the software from the direct URL endgamegear.com/gaming-mice/op1w-4k-v2 during this time frame may have inadvertently installed malicious code onto their systems.

The company said that other distribution channels, including the primary downloads page, GitHub, and its official Discord server, were unaffected and delivered clean versions of the installer. The malware-laden file has since been removed from the site.

“We became aware of this situation involving one of our product pages through online discussions. Following this, we initiated an internal review to better understand the circumstances and address any potential issues. A clean version of the affected file was immediately published as soon as we identified the situation. Importantly, access to our file servers was not compromised, and no customer data was accessible or affected on our servers at any time,” the manufacturer said.

The company has yet to disclose how the malicious code was introduced into the installer.

Reports of suspicious behavior began appearing on Reddit nearly two weeks ago. Users flagged anomalies in the installer’s file size and properties, with the compromised version showing a file size of 2.8MB, which is larger than the clean 2.3MB installer, and identifying itself as “Synaptics Pointing Device Driver” instead of the legitimate configuration tool.

Scans from affected users identified the malware as part of the XRed backdoor family. The malware was previously observed impersonating drivers and being distributed through seemingly legitimate software, including USB-C hubs sold on major e-commerce platforms.

To mitigate risks, users who installed the affected software are advised to delete the C:\ProgramData\Synaptics directory and download a verified clean version of the tool. Endgame Gear said it will discontinue isolated product-specific download pages and implement digital signature verification and SHA hash validation on all downloadable files to ensure authenticity and integrity going forward.
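The indicators reported above (the "Synaptics Pointing Device Driver" file description, the larger file size, and the C:\ProgramData\Synaptics directory) can be checked on a Windows machine with a short PowerShell script. This is an added example, not code from Endgame Gear; the Downloads search path, the file name wildcard, and the 2.5 MB cut-off between the two reported sizes are assumptions.

```powershell
# Added triage example. Indicators come from the article text only.
param(
    # Assumption: the installer was saved to the user's Downloads folder.
    [string]$SearchRoot = (Join-Path $env:USERPROFILE 'Downloads')
)

# Wildcard covers browser renames such as "..._v1_00 (1).exe" (assumption).
$NamePattern    = 'Endgame_Gear_OP1w_4k_v2_Configuration_Tool*.exe'
$BadDescription = 'Synaptics Pointing Device Driver'
$DropDirectory  = 'C:\ProgramData\Synaptics'
# Assumed cut-off between the reported 2.3MB (clean) and 2.8MB (compromised) sizes.
$SizeCutoffMB   = 2.5

function Test-Installer {
    param([Parameter(Mandatory)][string]$Path)

    $file   = Get-Item -LiteralPath $Path
    $desc   = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($file.FullName).FileDescription
    $sizeMB = [math]::Round($file.Length / 1MB, 2)

    [pscustomobject]@{
        Path            = $file.FullName
        SizeMB          = $sizeMB
        FileDescription = $desc
        # Printed so it can be compared with a hash published by the vendor.
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        DescriptionHit  = [bool]($desc -like "*$BadDescription*")
        SizeHit         = ($sizeMB -gt $SizeCutoffMB)
    }
}

$found = @(Get-ChildItem -Path $SearchRoot -Filter $NamePattern -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object { Test-Installer -Path $_.FullName })

if ($found.Count -eq 0) {
    Write-Output "No matching installer found under $SearchRoot"
} else {
    $found | Format-List
}

# The article advises deleting this directory on affected systems; only report it here.
if (Test-Path -LiteralPath $DropDirectory) {
    Write-Output "Directory present: $DropDirectory"
    Get-ChildItem -LiteralPath $DropDirectory -Force | Select-Object Name, Length, LastWriteTime
} else {
    Write-Output "Directory not present: $DropDirectory"
}
```

A `DescriptionHit` of `True` is the strongest of the three signals, since the article reports that the compromised file identifies itself with that description.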

