Ransomware Disguised as Mobile Version of Cyberpunk 2077

Cyberpunk 2077 screen shots and image quality comparisons
(Image credit: CD Projekt Red)

Despite the current state of Cyberpunk 2077, eager fans everywhere are still trying to get as much time with the game as they can. This presented the opportunity for some sneaky person/persons to take advantage of this by creating ransomware and disguising it as a mobile version of the game. According to Kaspersky's malware analyst, Tatyana Shishkova, a fraudulent website has been crafted to look like the Google Play Store and offers a mobile version of Cyberpunk 2077. But in actuality, this website has been tricking people into downloading and installing ransomware onto their mobile devices.

This ransomware has been dubbed Coderware, and once it infects a mobile device, the contents are encrypted. The unwilling participants are notified that they have 10 hours to send $500 in bitcoins to the ransomware creator. Failing to do so will result in the encrypted file being permanently deleted; unless you have a backup that isn't infected.

Fortunately, not all is lost as it has been discovered that the ransomware attack uses the same variant as the BlackKingdom ransomware that was released in early 2020. This was pointed out by Tatyana Shishkova, who also provides a way to get around the ransomware. Unlike the BlackKingdom ransomware, the Coderware ransomware uses a hardcoded key, meaning that individuals can use a decryptor to gain access to the encrypted file without paying the hefty sum.

The decryptor is found inside of the source code, as seen in the example below.

Cyberpunk 2077 Ransomware Coderware Source Code

(Image credit: Kaspersky)

Of course, the best way to protect your mobile device is to not download and install unofficial software to it. There is no mobile version of Cyberpunk 2077, nor has there been any announcement of one in development. The only place to play the title is PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, PC, and Stadia. 

Keith Mitchell

Keith Mitchell is a Contributing Writer for Tom's Hardware US. He is an IT professional during the day, and a passionate lover of video games and tech after his 9-5 grind. He has a weird affinity for Soulsborne games and plays them non-stop.

  • alceryes
    ...but does it run better than the actual Cyberpunk 2077?
    :LOL:
    Reply
  • keithdmitchell
    I'm not willing to find out.
    Reply
  • alceryes
    Both Google and Apple need to police their 'stores' better.
    Reply
  • GenericUser
    alceryes said:
    Both Google and Apple need to police their 'stores' better.

    It's not an entry on the actual Google Play store, it's a fraudulent website designed to look like it is.

    According to Kaspersky's malware analyst, Tatyana Shishkova, a fraudulent website has been crafted to look like the Google Play Store and offers a mobile version of Cyberpunk 2077
    Reply
  • alceryes
    GenericUser said:
    It's not an entry on the actual Google Play store, it's a fraudulent website designed to look like it is.
    Ahhh, makes more sense but my statement still stands. ;)
    Reply
  • USAFRet
    The best AV exists between your ears.
    Reply