CoderWare Ransomware Masks Itself As Cyberpunk 2077 Mobile Game App

Leveraging the craze the new game has created, threat actors have now begun exploiting the game for malicious activities. As observed, the cybercriminals have deployed ransomware masquerading as the Cyberpunk 2077 mobile game app.

Ransomware Masks As Cyberpunk 2077

Security researcher and malware analyst Tatyana Shishkova has found ransomware targeting mobile gamers. Identified as CoderWare, the ransomware poses as the mobile version of the newly launched Cyberpunk 2077.

The ransomware has not so far managed to appear on the Google Play Store. Rather, it is being distributed via a fake website that mimics the Play Store.

Upon reaching the victim’s device, the malware locks the user out of the device. It encrypts all the files, adding a .coderCrypt extension to each.

Such encryption and the subsequent ransom demand would naturally panic the user.

However, according to the researcher, the malware uses the RC4 algorithm for encryption. Hence, the victim can possibly get the files decrypted without paying the ransom.
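Because RC4 is a symmetric stream cipher, the operation that encrypted a file also decrypts it once the key is known. The following recovery sketch is an added example, not code from the researcher or from the malware. It assumes the key has been recovered by analysing the sample (the article does not give it, so `PLACEHOLDER-KEY` is a constructed value) and that each `.coderCrypt` file is one plain RC4 stream with no header.

```python
import tempfile
from pathlib import Path

EXT = ".coderCrypt"  # extension named in the article

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def restore_tree(root, key: bytes) -> list:
    """Decrypt every *.coderCrypt file under root into a sibling file
    without the extension. Encrypted originals are kept as evidence,
    and an existing file is never overwritten."""
    restored = []
    for src in sorted(Path(root).rglob("*" + EXT)):
        dst = src.with_name(src.name[: -len(EXT)])
        if not src.is_file() or dst.exists():
            continue
        dst.write_bytes(rc4(key, src.read_bytes()))
        restored.append(dst)
    return restored

def demo():
    """Constructed sample: encrypt one file with a placeholder key, then restore it."""
    key = b"PLACEHOLDER-KEY"  # assumption: stands in for a key recovered by analysis
    with tempfile.TemporaryDirectory() as root:
        Path(root, "photo.jpg" + EXT).write_bytes(rc4(key, b"constructed sample bytes"))
        (path,) = restore_tree(root, key)
        return path.name, path.read_bytes()

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the affected storage rather than the device itself, so a wrong key or a different file layout cannot damage the only copy of the data.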

Not The First Attempt

This isn’t the first time, though, that malware has emerged exploiting Cyberpunk 2077. In November, the MalwareHunterTeam discovered a similar ransomware targeting Windows systems. That ransomware also called itself CoderWare and belonged to the BlackKingdom ransomware family. At that time, it posed as a Cyberpunk 2077 installer.

Upon encryption, the Windows variant added a .DEMON extension to the encrypted files.

Cyberpunk 2077 is a newly launched combat game that won several awards before launch. It has also made the news due to back-to-back bugs and glitches in the console version of the game.

As of this month, CoderWare ransomware has targeted Windows users and now Android users. While iOS users are seemingly safe for now, they should remain wary of any app posing as the Cyberpunk 2077 game app.

In fact, all Cyberpunk 2077 fans must first double-check the authenticity of any game app against the legitimate website before downloading it to their device.
