Security researcher and malware analyst Tatyana Shishkova has found ransomware targeting mobile gamers. Identified as CoderWare, the ransomware poses as the mobile version of the newly launched Cyberpunk 2077.
The ransomware has not appeared on the Google Play Store so far. Instead, it is being distributed via a fake website that mimics the Play Store.
While Cyberpunk 2077 has had a bumpy launch after a lot of delays, we all know that the game is only available for PC and gaming consoles. So unmistakably, there is no mobile version of the game.
What does the ransomware do to your phone?
Once the ransomware reaches the victim’s device, it locks the user out of the device. It encrypts all the files and adds a .coderCrypt extension to them. Such encryption and the subsequent ransom demand would panic the user.
Once the data is encrypted, the user has to pay $500 (~Rs 36,915) in Bitcoin to decrypt it. The user gets only 10 hours to pay the ransom. Otherwise, all the data will be permanently deleted.
However, according to the researcher, the malware uses the RC4 algorithm for encryption. Tatyana mentions that there is a hardcoded decryption key in the CoderWare ransomware.
She has shared the decryption key so that the affected users can use a decryptor to get back their files and data without paying a single buck.
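Why a hardcoded RC4 key makes recovery possible, shown as an added example (not code from the article or the researcher's decryptor): RC4 is a symmetric stream cipher, so the key that encrypted a file also decrypts it. The key below is a placeholder because the article does not print it, and the file layout (the whole file passed through RC4, with no header or per-file key) is an assumption.

```python
import os

# Placeholder only: the article does not print the key the researcher shared.
PLACEHOLDER_KEY = b"<hardcoded-key-from-researcher>"
LOCKED_EXT = ".coderCrypt"  # extension named in the article


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR. The same call encrypts and decrypts."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # pseudo-random generation algorithm (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def recover_tree(root: str, key: bytes) -> list:
    """Write a decrypted copy beside every *.coderCrypt file under root.

    Assumes each file is the whole original passed through RC4 with one key
    (no header, IV or per-file key). Encrypted originals are kept, so a wrong
    key or a wrong format assumption destroys nothing.
    """
    recovered = []
    for folder, _dirs, names in os.walk(root):
        for name in sorted(names):
            if not name.endswith(LOCKED_EXT):
                continue
            src = os.path.join(folder, name)
            dst = src[: -len(LOCKED_EXT)]
            if os.path.exists(dst):  # never overwrite an existing file
                continue
            with open(src, "rb") as fh:
                plain = rc4(key, fh.read())
            with open(dst, "wb") as fh:
                fh.write(plain)
            recovered.append(dst)
    return recovered
```

Run it on a copy of the affected storage and check that a recovered file opens before relying on the output.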
Is this the first time that a ransomware attack like this has been used?
This isn’t the first time. In November, the MalwareHunterTeam discovered similar ransomware targeting Windows systems. That ransomware also called itself CoderWare and belonged to the BlackKingdom ransomware family. At that time, it posed as a Cyberpunk 2077 installer.
Upon encryption, the Windows variant added a .DEMON extension to the encrypted files.
Cyberpunk 2077 fans are advised to check the authenticity of the game before downloading it, and to always download and install games from a trusted website.