Ransomware masquerading as a mobile version of the highly anticipated open-world videogame CyberPunk 2077 has been discovered by security researchers at Kaspersky. A Windows version of the malware has also been discovered.
Kaspersky malware analyst Tatyana Shishkova revealed that a fake website disguised to look like Google’s Play Store was offering what appeared to be a mobile version of the CyberPunk 2077 game, but the download actually installed ransomware on the unsuspecting victim’s device.
Fortunately, the ransomware, dubbed CoderWare, uses a hardcoded key, which means that a decryptor can be used to recover files without individuals having to pay the ransom fee. According to the ransomware instructions, victims have 10 hours to send $500 worth of bitcoins to the attackers or their encrypted files will be permanently deleted.
You’ve been punked
CyberPunk 2077 was only released on December 10, but cyberattackers have clearly wasted little time in crafting efforts to capitalize on the game’s popularity. In addition to the Android ransomware, a Windows variant of the same malware was initially discovered last month.
The Windows ransomware also goes by the CoderWare name but is actually a variant of the BlackKingdom ransomware that targeted enterprise VPNs earlier in the year. It is not clear yet whether the Windows CyberPunk 2077 ransomware also uses a hardcoded key that would allow victims to decrypt their files without handing over a sizeable sum.
As usual, it is important for individuals to scrutinize websites and applications before they allow them to make changes to their device. With regard to CyberPunk 2077, no mobile version of the game currently exists, so individuals should make every effort to avoid suspicious downloads.