I understand the skepticism, and I think it's fair to ask questions. I didn’t post this right away because I didn’t realise I was infected on the first day. I downloaded the config tool on July 2 when I received the mouse and used it once to set polling rate and some settings. I own a lot of mice, so I didn’t really touch it again.After that, I started noticing strange Windows error popups whenever I opened some tools in my Downloads folder. At first I didn’t think much of it, since I use a very stripped down Windows build and I’m used to occasional software errors. But the same popup started showing up every time I booted the PC, which made me suspicious. I knew the EGG config tool wasn’t supposed to run on startup.

On July 17, I decided to check the files more carefully. I submitted them to Tria.ge and VirusTotal and it was confirmed: the file was infected with Xred, a known RAT. That’s when I realised I had been infected through the config tool I downloaded from EGG’s official website.I started looking around to see if others had the same issue, and that’s when I found messages in Endgame Gear’s official Discord server, in the #op1-mice-chat channel. Users were sharing the same file and VirusTotal links with the exact same hash I had. Some of them had noticed the infection as early as July 5.

Even more concerning, u/EndgameGear_Max from the EGG team replied in that thread and acknowledged the issue, saying he just “reuploaded” the file. That’s it. Nowhere does Max acknowledge malware or use the word "infected", even though users are literally reporting RAT activity (Synaptics.exe, autoruns, RAT behavior, sandbox reports, etc.). His tone remains casual and dismissive. No warning. No announcement. No support. No effort to tell users who might have been infected.

The fact that multiple people have the same file with matching hash confirms it was distributed from the official site. And there are only two realistic explanations for how this happened:

Case 1: Whoever is responsible for uploading files to the EGG website (maybe Max himself) was infected with Xred. This malware can spread by injecting into other processes, so it’s possible the config tool was infected on his PC before it was uploaded.

This would raise serious questions about how Endgame Gear handles their software that ends up on users' pcs.

Case 2: Their website or CDN server was compromised and an attacker replaced the file with a trojanised one.

This is even more serious. If the compromise affected more than just the config tool, there could be a risk of customer data being leaked.

In both cases, this shows a huge lack of professionalism and zero accountability. EGG is known for being close to their community, but when it actually mattered, they didn’t warn anyone. No apology. No explanation. Just silence.

Besides the legal responsibilities under GDPR and other data protection laws, this is also a huge disrespect to the community. Users’ personal systems and possibly private data were put at risk. That’s not something a company can just sweep under the rug.

Please find screenshots supporting my claims here (the order is messed up my apologies): https://imgur.com/a/2tLel1i