2K warns customers: Don't trust recent support emails, don't click on links

pcgamer.com:

2K Games has warned customers to ignore any recent customer support messages it may have sent, even if they appear to be from a legitimate source.

It's not that someone is spoofing the 2K support email address. It's much worse: Someone gained access to the actual platform 2K uses to provide customer support, apparently by stealing the credentials of a support contractor 2K uses, and «sent a communication to certain players containing a malicious link.»

«Please do not open any emails or click on any links that you receive from the 2K Games support account,» the company said in a message posted to the 2K Support Twitter account, which was not compromised. The 2K Support website, support.2k.com(opens in new tab), is temporarily closed—visiting it presently displays a login page.

The malicious link was reportedly disguised as a download link for the 2K Launcher, but would actually lead to the victim downloading malware designed to steal passwords saved in browsers, according to an analysis of the file requested by Reddit user TronFan(opens in new tab), who received one of the fake support emails and realized it was suspicious.

2K's first suggestion for anyone who clicked the link is to reset passwords stored in their browser, which supports the conclusion that the malware is a password stealer. 2K also recommends enabling multi-factor authentication where available (just a good idea in general), running an antivirus scan, and checking email settings for unexpected new forwarding rules.

If you didn't click a link from a recent 2K Support email, don't do that, obviously. I'd avoid downloading files linked in emails in general; it's better to navigate to the website that hosts the file yourself.

2K says it will put out a notice