Pierluigi Paganini December 18, 2020

A threat actor is spreading ransomware dubbed CoderWare that masquerades as Windows and Android versions of the recent Cyberpunk 2077.

Crooks are spreading fake Windows and Android versions of installers for the new Cyberpunk 2077 video game that is delivering the CoderWare ransomware. Cyberpunk 2077 is a 2020 action role-playing video game developed and published by CD Projekt, it was one of the most

It is not the first time that threat actors attempt to exploit the interest of the gamers into new video games like has happened with mobile versions of the popular Fortnite back in 2028.

The fake version of the Cyberpunk 2077 game was discovered by Kaspersky researcher Tatyana Shishkova and reported by BleepingComputer.

Shishkova has discovered a fake Android version of the game that was being distributed from a website impersonating the legitimate Google Play Store.

The good news is that the CoderWare ransomware uses a RC4 algorithm with hardcoded key, this means that victims can decrypt their files without paying the ransom.

Bleeping Computer pointed out that a Windows version of Cyberpunk 2017 installer was spotted in November by malware researchers at MalwareHunterTeam.  The malware employed in the attack was calling itself CoderWare, but the researchers reported that it is a variant of the BlackKingdom ransomware that was appending the ,DEMON extension to the filenames of the encrypted files.

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]