Cyberpunk 2077 is a highly anticipated game release that attackers are taking advantage of. A researcher from Kaspersky discovered a new malware sample that is masquerading as an Android download of the game. The researcher, in a tweet, described the sample as a type of Coderware ransomware, specifically from the Black Kingdom family. The malware was being promoted on a website impersonating the Google Play mobile app marketplace as a free game download. The malicious version on the fake Play Store is named “Cyberpunk 2077 Mobile (Beta).” The attackers have added a sense of legitimacy by making false reviews for the download. If a victim clicks on the download and executes the binary, they will receive a message stating that they have been infected with CoderWare ransomware and that they need to pay $500 in Bitcoin for the decryption key. It was noted that the CoderWare ransomware uses a hardcoded key, which means that paying the ransom may not be necessary for the victim to recover their files.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in