Cyberpunk 2077 app is ransomware that will encrypt any Android phone

A group of malicious hackers is taking advantage of the launch of Cyberpunk 2077 to distribute fake game installers for Windows and Android systems in order to infect victims with the CoderWare ransomware. This is a common practice, especially on dates close to the release of anticipated video games.

The report, published by Tatyana Shishkova, mentions that the malware was detected a few days ago on a fraudulent website that was being passed off as the legitimate Play Store platform.

Shishkova states that this variant of the malware uses a hardcoded key, which means that a decryptor can be built to recover files for free. “The RC4 algorithm with coded key (in the example, <21983453453435435738912738921>) is used for encryption. If affected users use this key, they may be able to recover their files without paying for the ransom.”

The hardcoded key ‘21983453453435435738912738921’ is located in the source code of the ransomware, as shown in the accompanying screenshot.
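The free recovery described above could look like the following sketch, an added example that is not from the original report or from the researchers quoted. It assumes the ASCII bytes of the quoted key string are the RC4 key and that files are encrypted whole with no header; `try_recover`, `identify` and the magic-byte table are illustrative names.

```python
"""Added example: RC4 recovery sketch for a hardcoded-key ransomware sample."""

# Key string quoted in the article. ASSUMPTION: the sample feeds its ASCII
# bytes to RC4 and encrypts the whole file with no header or IV.
HARDCODED_KEY = b"21983453453435435738912738921"

# Magic bytes used to sanity-check output before trusting a recovered file.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
         b"%PDF-": "pdf", b"PK\x03\x04": "zip/office"}


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def identify(data: bytes):
    """Return a file-type label if data starts with a known magic, else None."""
    for magic, label in MAGIC.items():
        if data.startswith(magic):
            return label
    return None


def try_recover(ciphertext: bytes, key: bytes = HARDCODED_KEY):
    """Decrypt and return (plaintext, type) only if the result looks valid."""
    plain = rc4(key, ciphertext)
    kind = identify(plain)
    return (plain, kind) if kind else (None, None)


if __name__ == "__main__":
    # Constructed sample: a fake PNG header encrypted with the quoted key.
    sample = rc4(HARDCODED_KEY, b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    plain, kind = try_recover(sample)
    print(kind, plain[:8])
```

Work on copies of the encrypted files, and treat a failed magic-byte check as a sign that the assumptions do not match the sample.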


CoderWare had already been detected by MalwareHunterTeam experts a few weeks ago, who reported that the payload was disguised as a Cyberpunk 2077 installer for Windows. Apparently this ransomware is a variant of BlackKingdom, detected a couple of years ago.


The fake installer of the game for Windows was actually an executable compiled in Python that encrypted the victim’s system and added the .DEMON extension to compromised files.


Kaspersky experts do not know whether the Windows version uses a hardcoded key in the same way as the Android version. This is one more case illustrating the risks of trying to install protected material from unofficial sources; as usual, experts recommend that you do not install such software on your systems.