It seems the problems for the Cyberpunk 2077 video game are far from over: a fake Android app posing as the game is infecting Android devices through a fake website imitating the Google Play Store.
Kaspersky Lab’s Tatyana Shishkova has discovered new Android malware with ransomware capabilities in a fake version of the Cyberpunk 2077 video game, hosted on a fake marketplace imitating the Google Play Store. On this marketplace, the game is listed as Cyberpunk Mobile (Beta).
It is worth noting that officially, the game is only available on Windows, Stadia, PlayStation, and Xbox. There is no Android version of it. To download Cyberpunk 2077 on an Android device, one needs to have a Stadia subscription, or the game can be bought for a fixed price.
This means threat actors are still trying to exploit the hype surrounding Cyberpunk 2077. The malware was discovered earlier this week. Shishkova tweeted that it is a type of CoderWare ransomware specific to the Black Kingdom family.
Shishkova posted screenshots of the game on Twitter, which show that the fake app features user reviews to appear authentic. When a user downloads and executes the binary file, a message informs them that their device is infected with CoderWare ransomware.
The user is then shown a ransom note telling them to take a screenshot of the message containing decryption information. As shown in the screenshot below, the victim is requested to pay $500 in Bitcoin to unlock the encrypted files.
However, Shishkova noted that the threat actors had used a hardcoded key in the ransomware, so victims may not need to pay the ransom to decrypt their files.
“That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom,” Shishkova explained.
Cyberpunk 2077 fans should watch out, as the game is already in hot water: Sony has pulled it from the PlayStation store due to its never-ending performance issues. Nevertheless, malware-infected gaming apps are not new to Android users. In May 2020, a fake mobile version of the Valorant game was caught spreading malware. This happened a month before the game was even released to the public.
In 2018, cybercriminals were found cashing in on the popularity of Fortnite by spreading a fake Android version of the game loaded with nasty malware. The malware was developed to steal the personal data of users.
If you are using an Android device, make sure you have a reliable anti-virus app that scans for threats regularly. You should also refrain from downloading apps from 3rd-party stores and keep your OS updated.