
Well, this is a first for me: Software for a gaming mouse from the manufacturer’s own site had, for a while, been compromised with XRed malware. Igor of Igor’s Lab first noticed the reports coming in about the Endgame Gear OP1w 4K V2 configuration tool on the MouseReview subreddit. The reports suggest the tool had what seems to be bona fide malware packaged in with it and the company has now changed the file to a non-infected one.
According to the initial report from Redditor Admirable-Raccoon597, the “trojanised” (infected) file was what users would download from the company’s link to the tool from at least July 2, 2025 (which was when they first downloaded it) until July 17, 2025, when it was replaced with the clean version:
“This clearly shows the vendor’s download path changed sometime between July 2nd and 17th, and the earlier version was infected. It came from their official CDN, not a third-party mirror.”
The same user shared elsewhere that an Endgame Gear official acknowledged the problem and reuploaded the file: “Even more concerning, u/EndgameGear_Max from the EGG team replied in [the Discord thread the user posted in] and acknowledged the issue, saying he just ‘reuploaded’ the file. That’s it.”
Apparently the malware is a remote access trojan (RAT), which can allow an attacker to take control of your computer in some way. The Redditor says the files were submitted to online virus checkers and they were confirmed to be infected with the XRed backdoor, which Broadcom explains has “sophisticated capabilities as it collects system data information that it transmits the data using SMTP to email addresses.”
Broadcom continues: “This backdoor also has notable persistence capabilities by using hidden directories and Registry Run Keys while attempting to remain hidden in trojanized software. It additionally has worm-like propagation via USB drive capabilities.”
To know if you’re infected, the Redditor who reported the problem says you can enable viewing hidden files and then check in C:\ProgramData\Synaptics. If you see Synaptics.exe there, apparently you’re infected.
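The check described above, extended to the Registry Run keys Broadcom mentions, as an added PowerShell example (not code from the article, the Redditor or Endgame Gear). The function name `Get-XRedIndicator` is hypothetical, and the Run-key match is on the directory path because the article does not name the registry value the malware creates.

```powershell
# Added example: read-only check for the XRed indicators named in the article.
# Assumption: any Run value pointing into the directory is treated as a hit,
# since the article does not give the name of the registry value.
function Get-XRedIndicator {
    param(
        [string]$SuspectDir = (Join-Path $env:ProgramData 'Synaptics')  # C:\ProgramData\Synaptics
    )
    $findings = @()

    # -Force returns hidden and system items, so Explorer's
    # "show hidden files" setting does not affect the result.
    $exe  = Join-Path $SuspectDir 'Synaptics.exe'
    $file = Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
    if ($file) {
        # The hash lets you look the file up on a multi-engine scanner.
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $file.FullName
            Detail = "Attributes=$($file.Attributes); SHA256=$hash"
        }
    }

    # Standard per-user and per-machine Run keys on Windows.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            # Case-insensitive substring match avoids wildcard escaping issues.
            if ($value.IndexOf($SuspectDir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $findings += [pscustomobject]@{ Type = 'RunKey'; Where = "$key\$name"; Detail = $value }
            }
        }
    }
    return $findings
}

$hits = Get-XRedIndicator
if ($hits) { $hits | Format-List } else { 'No Synaptics.exe file or Run-key reference found.' }
```

An empty result only means these two indicators are absent; it is not a substitute for a full antivirus scan.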
It’s worth noting that another Redditor points out that most users’ basic antivirus software built into Chrome and Windows should have caught this: “Defender and Google Chrome caught it at the time. VT had 66/71 AV detections so practically anyone with any AV during that small time window would’ve caught it as well. I think the margin of people who ran the tool with embedded XRed without getting a warning is extremely small considering the detection rate and time window.”
Still, malware can sometimes be a numbers game: Get your file into the wild and hope you nab even just a small percentage of victims.
The fact is, it looks like there was genuine—and really quite malicious—malware hosted on an official Endgame Gear content delivery network (CDN), sitting waiting for PC gamers with the OP1w 4K V2 mouse to download it.
At the time of writing there has been no public statement from Endgame Gear, though we are reaching out for an official comment.
