Fake Cyberpunk 2077 Android app infects gamers with ransomware

CoderWare ransomware is behind the scam: researchers note that it is easily decryptable

Fake Android mobile version of Cyberpunk 2077 is spreading CoderWare ransomware

The much anticipated Cyberpunk 2077 computer game was released on December 10, and cybercriminals were well aware of it. They were quick to abuse the launch for their own benefits, and the fake Android version of the game arrived just a few days after the original's release. The instance of malware being distributed as disguised mobile versions of popular games is not unique – Fortnite,^[1] Valorant, and other games were similarly abused by hackers before.

The malicious binary is distributed via a spoofed Google Play Store website that looks identical to the original one, making malware delivery a much easier task. Threat actors also included fake reviews, ratings, and every other aspect of the original store to make the scam more believable. As soon as users would tap the download button for the alleged “Cyberpunk 2077 Mobile (Beta),” a ransomware code would be executed on the device instead.

Gamers who were tricked into installing the fake Android version of the game had their files encrypted and renamed with .coderCrypt extension. Victims would be shown a popup which claimed that CoderWare was installed on their phones and that they are required to forward $500 worth of Bitcoin within 10 hours to the attackers, or otherwise the data would be deleted permanently.

Luckily, the CoderWare/BlackKingdom ransomware was used with a hardcoded key, which means that all the files can be decrypted with decryption software and without the intervention of cybercriminals. Tatyana Shishkova, a researcher who discovered the new malware campaign, pointed out:^[2]

RC4 algorithm with hardcoded key (in this example – “21983453453435435738912738921”) is used for encryption. That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom.

Scammers abusing Cyberpunk 2077 hype is a recurring phenomenon

The fake cell phone game disguised as a popular computer game isn't an isolated incident. In 2019, way before the original game was even introduced, a fake installer^[3] was offered in torrents, warez, cracks, and similar sites. Instead of getting the Cyberpunk 2077 game, users' computers were infected with various malware, including Racoon trojan.

Earlier this year, at the end of November, another fake installed was detected,^[4] but that one spread ransomware. It appended all encrypted files with .DEMON extension, and unlike the fake cell phone game, it is unknown whether the hardcoded key was used in its coding and the data was decryptable without the hackers' interference.

Right before the game was released, several hoax websites emerged around the web, as reported by Kaspersky.^[5] Allegedly, players were offered a free Cyberpunk 2077 copy, and all they had to do is complete a survey that would provide them with an activation key. Of course, this was a scam once again, and the attackers managed to snatch personal user information, later using it for nefarious purposes.

All this just reiterates the importance of not trying cracked or pirated game versions because users might end up with a lot more than they expected. Instead, gamers should rely on the official release versions, currently available on Steam, GOG, Epic Store Launcher, and Xbox stores.

Cyberpunk 2077 release disaster

Cyberpunk 2077 is possibly the most anticipated game of the year, if not a decade. As much as players waited for the game, many were largely disappointed with weak AI, lack of customization options, and other in-game features. This was just the tip of the iceberg since the performance of current-gen consoles (PlayStation 4 and Xbox One) was disastrous – FPS drops, crashes, and errors were common occurrences. The in-game glitches were also very prevalent, ruining the immersion for many.

While the developer CD Project Red already released two patches (1.04 and 1.05) that addressed many of the technical issues on both PC and console versions, Sony decided to pull out the game from its digital store until further notice and is now offering refunds for everyone who bought Cyberpunk 2077 via the digital store. There is yet no date on when Sony will resume sales on the platform.

Even though the developer promised to bring the game up to standard, gamers should not look for “Cyberpunk 2077 Mobile (Beta)” versions around the web, as it would most certainly result in malware infection. CDPR has plenty of work to do while trying to fix the game on all platforms and has no intentions of releasing it on neither Android nor iOS devices.