New spyware found in Android downloads

Threat actors are posing as the Google Play store in the scam, while Sony has pulled the game from the PlayStation store due to a number of performance issues.

Threat actors continue to exploit the hype surrounding the release of the video game Cyberpunk 2077 in various ways. The latest variant is ransomware for Android devices, which masquerades as a legitimate download of the new open-world game.

Kaspersky researcher Tatyana Shishkova discovered the malware earlier this week and described the sample in a tweet as CoderWare ransomware, or more specifically, a member of the “Black Kingdom” family. She points out that the malware was promoted as Cyberpunk 2077 and was downloaded from a fake version of the Google Play mobile app market.

The game’s listing, called Cyberpunk 2077 Mobile (Beta), even had comments from users that made it appear legitimate, as shown in one of the screenshots of the scam that Shishkova posted on Twitter.

If a user clicks to download and execute the binary file, they receive a message notifying them that they are infected with CoderWare ransomware. Next, the victim is advised to take a screenshot of the ransom message, which contains the information used for decryption. Hackers asked victims to pay $500 in bitcoin to obtain the keys for decrypting files.

However, Shishkova points out that CoderWare ransomware uses hard-coded keys, which means that if someone falls victim to the scam, the ransom does not need to be paid.

“It uses the RC4 algorithm with a hard-coded key (in this case, ‘21983453453435435738912738921’) for encryption,” she said. “This means that if your files are encrypted by this ransomware, you can decrypt them without paying the ransom.”
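The recovery Shishkova describes, as an added example that is not code from the article or the researcher: RC4 is symmetric, so running the same routine with the known key restores the data. It assumes the key string is used directly as ASCII bytes over the whole file with no header, which the page does not confirm; the `recover` and `identify` helpers and the sample data are constructed for illustration.

```python
# Added example: recovering data encrypted with RC4 under a known, hard-coded key.
# Assumption: the key string is used as raw ASCII bytes and each file is a single
# RC4 stream with no header. The sample's real file layout is not on the page.

KEY = b"21983453453435435738912738921"  # key quoted in the article

# A few well-known file signatures, used to confirm that recovery worked.
MAGIC = {
    b"%PDF-": "pdf",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",
    b"\xff\xd8\xff": "jpeg",
}


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream; encrypting and decrypting are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def identify(data: bytes):
    """Return a file type name if the data starts with a known signature."""
    return next((name for sig, name in MAGIC.items() if data.startswith(sig)), None)


def recover(ciphertext: bytes, key: bytes = KEY):
    """Decrypt; a type of None suggests the key or layout assumption is wrong."""
    plaintext = rc4(key, ciphertext)
    return plaintext, identify(plaintext)


if __name__ == "__main__":
    original = b"%PDF-1.4\nconstructed sample document\n"  # constructed input
    locked = rc4(KEY, original)  # stands in for an encrypted file
    restored, kind = recover(locked)
    print(kind, restored == original)
```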

CoderWare: The magnet for online punk
CoderWare has been linked to Cyberpunk 2077 in the past. According to a report by BleepingComputer, MalwareHunterTeam posted a tweet in November saying they had found a Python version of the ransomware disguised as a Windows Cyberpunk 2077 installer. Both that version of CoderWare and the one Shishkova found appear to be variants of the Black Kingdom ransomware, which was discovered in an attack on Pulse Secure earlier this year.

The much-anticipated “Cyberpunk 2077” allows players to create a character called “V”, who lives in Night City, and even features a digital Keanu Reeves. Kaspersky’s researchers also found that even before the game was released, threat actors were exploiting its popularity with scams that offered “free copies” of the game and stole personal information.

The latest scam is similar but differs in that the game is already available for purchase and download on PC, PlayStation 4, Xbox One and Stadia, and is compatible with the PS5 and Xbox Series X, for $60.

The rocky release of Cyberpunk 2077
As if the online threats surrounding the game weren’t enough to put off game lovers, Cyberpunk 2077 had many other issues that gamers reported at the time of the game’s initial release, including poor performance, errors and glitches that made for a not very pleasant user experience.

Things got so bad that Sony even pulled the game from the PlayStation store and offered a full refund to those who bought it. To make matters worse, some users seeking a refund then ran into problems registering the refund in a download form, which Sony said it would resolve as soon as possible.