Threat Watch

Cyberpunk 2077 Fake Android App Download Leads to Ransomware

Attackers are taking advantage of the highly anticipated release of Cyberpunk 2077. A researcher from Kaspersky discovered a new malware sample that masquerades as an Android download of the game. In a tweet, the researcher described the sample as a type of CoderWare ransomware, specifically from the Black Kingdom family. The malware was being promoted as a free game download on a website impersonating the Google Play mobile app marketplace. The malicious version on the fake Play Store is named “Cyberpunk 2077 Mobile (Beta).” The attackers have added a sense of legitimacy by posting false reviews for the download. If a victim clicks on the download and executes the binary, they will receive a message stating that they have been infected with CoderWare ransomware and that they need to pay $500 in Bitcoin for the decryption key. It was noted that the CoderWare ransomware uses a hardcoded key, which means that paying the ransom may not be necessary for the victim to recover their files.

ANALYST NOTES

As with any anticipated release, scammers will always try to take advantage of unsuspecting people by offering a free version. If a person wishes to download Cyberpunk 2077, they need to pay for the software. The game does not have an Android version. Any download of popular software that claims to be a free version should be treated with suspicion and not downloaded.

Source Article: https://threatpost.com/cyberpunk-2077-headaches-grow-android-spyware/162406/