HomesecurityRansomware represents the mobile version of Cyberpunk 2077

Ransomware represents the mobile version of Cyberpunk 2077

A hacker distributes fake Windows and Android installers for the game Cyberpunk 2077 which installs a ransomware called CoderWare.

To trick users into installing malware, malware is usually distributed as game installers and cracks for copyrighted software.

Cyberpunk 2077 Ransomware

This week, Kaspersky Malware analyst Tatyana Shishkova discovered an Android ransomware that represents the mobile version of Cyberpunk 2077. The game was distributed by a fake site representing the legitimate Google Play Store.

Shishkova wrote on Twitter that the ransomware CoderWare uses a hardcoded key, which means that a decryptor can be created if necessary to recover files without payment.

The RC4 algorithm with hardcoded key (in this example - "21983453453435435738912738921") is used for encryption. This means that if you have your files encrypted by this #ransomware, you can decrypt them without paying for them. ransom. "

You can see the hardcoded key "21983453453435435738912738921" in the ransomware source code shown below.

cyberpunk 2077

The Windows version was released in November

This ransomware is the same one that was discovered by MalwareHunterTeam in November and disguised as installation program of Windows Cyberpunk 2077. Like the Android version, this ransomware is called CoderWare but is a variation of it BlackKingdom ransomware.

cyberpunk 2077

The Windows variant was an executable python that could encrypt a victim's files and add the extension .DEMON in the encrypted file names.

cyberpunk 2077

It is not known if the Windows version uses a hardcoded key at this time.

As you can see when you try to install free software that is protected by Copyright, you face huge risks of infections from malware. This risk is even more significant when trying to install Android apps from third-party app stores.

Source of information: bleepingcomputer.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.
spot_img

LIVE NEWS