Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.

Threat actors continue to take advantage of the hype surrounding the release of the videogame Cyberpunk 2077 in a variety of ways. The latest twist is ransomware targeting Android devices disguised as a legitimate download of the new open-world game.

Kaspersky researcher Tatyana Shishkova discovered the malware earlier this week, and in a tweet described the sample as a type of CoderWare ransomware, more specifically of the “Black Kingdom” family.  She noted that the malware code was being promoted as a download of Cyberpunk 2077 from a fake version of the Google Play mobile app marketplace.

The listing for the game, which is named “Cyberpunk 2077 Mobile (Beta),” even had reviews from users so as to appear legitimate – as seen on one of several screenshots of the scam that Shishkova posted on Twitter.

If users click on the download and execute the binary, they received a message informing them that they’ve been infected with CoderWare ransomware. Next, victims are advised, via the ransomware note, to take a screenshot of the message, which contains information for decryption. Hackers request that victims pay $500 in Bitcoin to obtain the key for unlocking decrypted files.

Shishkova, however, noted that CoderWare ransomware uses a hardcoded key, which means that paying the ransom may not be necessary if someone falls victim to the scam.

“RC4 algorithm with hardcoded key (in this example – ‘21983453453435435738912738921’) is used for encryption,” she tweeted. “That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom.”

CoderWare: A Magnet for Cyber Punks

CoderWare has been linked to Cyberpunk 2077 in the past. The Malware Hunter team tweeted in November that they had discovered a version of the ransomware for Python disguised as a Windows Cyberpunk 2077 installer, according to a report in BleepingComputer. Both that version of CoderWare and the one discovered by Shishkova appear to be variants of the Black Kingdom ransomware, which was seen earlier this year in attacks on Pulse Secure VPNs.

The hotly anticipated Cyberpunk 2077 lets players create a character called “V” who lives in Night City and even features a digital Keanu Reeves as a major character. Before the game was even released, threat actors were exploiting its popularity with scams offering “free copies” of the game while stealing personal information, something researchers at Kaspersky also uncovered.

The latest scam is similar but with a twist, as the game is already available for purchase and download for PC, PlayStation 4, Xbox One and Stadia, with compatibility with PS5 and Xbox Series X for a price tag of $60.

Rocky Release of Cyberpunk 2077

As if cyber threats surrounding the game aren’t enough to turn game enthusiasts off, there are myriad other issues with Cyberpunk 2077 that gamers have reported with the initial release of the title, including poor performance and numerous bugs and glitches that make the user experience less than pleasant.

It’s gotten so bad that Sony even pulled the game from the PlayStation store, offering those who purchased it already a full refund. To make matters even worse, some users seeking refunds then experienced problems with downloading the form to register for that refund, something Sony said it would fix as soon as possible.

“What a mess!” tweeted James Webber, a writer and director who already downloaded and played Cyberpunk 77—expressing what is likely a similar sentiment among early adopters. “Despite quite enjoying the game so far, I’ve encountered almost too many bugs to count. Hoping for a patch asap.”

Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World , sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.

Discussion

  • Gareth on

    Why are we acting like this is new? There's been tons of these types of things going on for years now, there's been multiple GTA V versions of this, this isn't news this is just finding new reasons to pick on CDPR for the wrong reasons.
  • Piroko on

    This doesn't seem to be involved with the game at all? The makers just used a popular title to draw in people for more targets. So why is this post seemingly trying to blame it on the game developers as if they have any control over this?
  • Anonymous on

    What is the point of this article? "Cyberpunk headaches grow", as if the game has anything to do with rtsrds downloading an obviously fake app.
  • Anonymous on

    How is this even an article? A game that barely runs on anything has a mobile version? If course it's malware.
  • Not dumb on

    Lmao. If you think this will run on an android mobile device when it crashes all day on xbox and playstation consoles, you're an idiot that deserves to be scammed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.