A hacker is distributing fake Windows and Android installers for the game Cyberpunk 2077 that install a ransomware called CoderWare.
To trick users into installing it, malware is usually distributed as game installers and cracks for copyrighted software.
This week, Kaspersky malware analyst Tatyana Shishkova discovered an Android ransomware that poses as the mobile version of Cyberpunk 2077. The fake game was distributed by a fake site impersonating the legitimate Google Play Store.
Shishkova wrote on Twitter that the CoderWare ransomware uses a hardcoded key, which means that a decryptor can be created if necessary to recover files without payment.
"The RC4 algorithm with hardcoded key (in this example - "21983453453435435738912738921") is used for encryption. This means that if you have your files encrypted by this #ransomware, you can decrypt them without paying the ransom."
You can see the hardcoded key "21983453453435435738912738921" in the ransomware source code shown below.
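Because RC4 is a symmetric stream cipher, the key quoted above is all a decryptor needs. The following is an added example, not code from the ransomware, from Kaspersky or from the original article; it assumes the key is used as raw ASCII bytes over whole file contents with no IV or key derivation, and the function names and sample data are constructed for illustration.

```python
# Added illustration: RC4 is symmetric, so a key embedded in a sample also decrypts.
# Assumptions (not confirmed by the article): the key is used as raw ASCII bytes and
# whole file contents are passed through plain RC4 with no IV or key derivation.

HARDCODED_KEY = b"21983453453435435738912738921"  # key quoted in the article

# A few well-known file signatures used to sanity-check decrypted output.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"\xff\xd8\xff": "jpeg"}


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream; the same call encrypts and decrypts."""
    # Key-scheduling algorithm (KSA)
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray(len(data))
    i = j = 0
    for n, byte in enumerate(data):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out[n] = byte ^ s[(s[i] + s[j]) & 0xFF]
    return bytes(out)


def identify(data: bytes):
    """Return the file type if data starts with a known signature, else None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def try_recover(ciphertext: bytes, key: bytes = HARDCODED_KEY):
    """Decrypt; return (plaintext, type) only if the result looks like a real file."""
    plain = rc4(key, ciphertext)
    kind = identify(plain)
    return (plain, kind) if kind else (None, None)


if __name__ == "__main__":
    original = b"\x89PNG\r\n\x1a\n" + b"constructed sample image data"  # constructed input
    locked = rc4(HARDCODED_KEY, original)
    print(try_recover(locked)[1], try_recover(locked, b"wrong-key"))
```

Work on copies of the encrypted files and write output only when the signature check passes, so a wrong assumption about the scheme cannot damage the only remaining copy.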
The Windows version was released in November
This ransomware is the same one that was discovered by MalwareHunterTeam in November, disguised as a Windows installer for Cyberpunk 2077. Like the Android version, this ransomware is called CoderWare, but it is a variant of the BlackKingdom ransomware.
The Windows variant was a Python executable that could encrypt a victim's files and append the extension .DEMON to the encrypted file names.
It is not known at this time whether the Windows version uses a hardcoded key.
As you can see, when you try to install free copies of software that is protected by copyright, you face a huge risk of malware infection. This risk is even more significant when trying to install Android apps from third-party app stores.
Source of information: bleepingcomputer.com