Despite the current state of Cyberpunk 2077, eager fans everywhere are still trying to get as much time with the game as they can. Some sneaky person or persons have taken advantage of that by creating ransomware and disguising it as a mobile version of the game. According to Kaspersky malware analyst Tatyana Shishkova, a fraudulent website has been crafted to look like the Google Play Store and offers a mobile version of Cyberpunk 2077. In actuality, the website has been tricking people into downloading and installing ransomware on their mobile devices.
New Android #Ransomware disguised as #Cyberpunk2077 game. Downloaded from fake website imitating Google Play Store. Extension: .coderCrypt Family: CoderWare/BlackKingdom https://t.co/JBudDP6vG1 pic.twitter.com/TdM4SAkFWl (December 16, 2020)
This ransomware has been dubbed Coderware, and once it infects a mobile device, the device's contents are encrypted. Victims are notified that they have 10 hours to send $500 in bitcoin to the ransomware creator. Failing to do so will result in the encrypted file being permanently deleted, unless you have a backup that isn't infected.
Fortunately, not all is lost: it has been discovered that the attack uses the same ransomware variant as BlackKingdom, which was released in early 2020. This was pointed out by Tatyana Shishkova, who also provides a way to get around the ransomware. Unlike the BlackKingdom ransomware, the Coderware ransomware uses a hardcoded key. Because that key is embedded in the app itself, individuals can use a decryptor to regain access to the encrypted file without paying the hefty sum.
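Why a hardcoded key is recoverable, as an added example (not from the original article and not the malware's code): a triage script that flags symmetric keys built from constants in decompiled Java source. The sample source, the `SecretKeySpec`/AES usage and every name in it are constructed assumptions; the article does not say which cipher Coderware uses.

```python
import re

# Constructed sample of decompiled Java. NOT code from the Coderware sample;
# the cipher ("AES") and all identifiers are assumptions for illustration.
SAMPLE = '''\
public class Locker {
    private static final String K = "constructed-demo-key";
    static byte[] lock(byte[] d) throws Exception {
        SecretKeySpec s = new SecretKeySpec(K.getBytes(), "AES");
        return run(s, d);
    }
    static byte[] lockRemote(byte[] d, byte[] fetched) throws Exception {
        SecretKeySpec s = new SecretKeySpec(fetched, "AES");
        return run(s, d);
    }
}
'''

# String constants declared in the class: name -> literal value.
CONST_RE = re.compile(r'static\s+final\s+String\s+(\w+)\s*=\s*"([^"]*)"')
# new SecretKeySpec(<key expression>, "<algorithm>")
SPEC_RE = re.compile(r'new\s+SecretKeySpec\(\s*(.+?)\s*,\s*"([^"]+)"\s*\)')
LITERAL_RE = re.compile(r'"([^"]*)"')


def find_hardcoded_keys(source):
    """Return (line, algorithm, origin, key) for keys built from constants."""
    consts = dict(CONST_RE.findall(source))
    hits = []
    for m in SPEC_RE.finditer(source):
        arg, alg = m.group(1), m.group(2)
        line = source.count("\n", 0, m.start()) + 1
        lit = LITERAL_RE.match(arg)
        if lit:  # key material written inline as a string literal
            hits.append((line, alg, "<inline>", lit.group(1)))
            continue
        name = re.match(r"\w+", arg)
        if name and name.group(0) in consts:  # key comes from a class constant
            hits.append((line, alg, name.group(0), consts[name.group(0)]))
        # anything else (parameter, network response) is a runtime value
    return hits


if __name__ == "__main__":
    for line, alg, origin, key in find_hardcoded_keys(SAMPLE):
        print(f"line {line}: {alg} key from {origin} = {key!r}")
```

Only the first method is flagged: its key is identical in every installed copy, whereas the second method's key arrives at runtime and cannot be read out of the app.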
The decryptor is found inside of the source code, as seen in the example below.
Of course, the best way to protect your mobile device is not to download and install unofficial software on it. There is no mobile version of Cyberpunk 2077, nor has there been any announcement of one in development. The only places to play the title are PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, PC, and Stadia.
It's not an entry on the actual Google Play store; it's a fraudulent website designed to look like one.