Cyberpunk 2077 is available on many platforms but that list doesn’t include mobile. Despite this, some users are attempting to fool players with a fake Cyberpunk 2077 mobile app that is hiding ransomware.
Kaspersky malware analyst, Tatyana Shishkova, has identified a fake website that mimics the Googe Play Store. The landing page shows a Cyberpunk 2077 Mobile app available for install.
The page looks pretty legit at face value, CD Projekt Red is listed as the developer and it has 300 5-star reviews.
Although there are a few dead giveaways that this is a fake. The app description is plagued with spelling and grammatical errors, plus the listing says players will be able to access multiplayer maps, which won’t be available in Cyberpunk until 2022.
New Android #Ransomware disguised as #Cyberpunk2077 game.
Downloaded from fake website imitating Google Play Store.
Family: CoderWare/BlackKingdom https://t.co/JBudDP6vG1 pic.twitter.com/TdM4SAkFWl
— Tatyana Shishkova (@sh1shk0va) December 16, 2020
Players will be prompted to allow the app to access their photos, media, and other files on their device. Once allowed the problems begin.
The malware, titled CoderWare, dictates that victims have 10 hours to transfer $500 in bitcoins to the designated address. If they fail to do so all the files on their device will be permanently deleted. The message also warns that if users delete the app it will be impossible to access their files.
Fortunately, Tatyana Shishkova also pointed out that there is a workaround. The CodeWare uses a hardcoded key, meaning players can use a decryptor to re-access their files without having to pay the ransom.
❗️ RC4 algorithm with hardcoded key (in this example – "21983453453435435738912738921") is used for encryption. That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom. https://t.co/Lj1hD1SvRK
— Tatyana Shishkova (@sh1shk0va) December 17, 2020
Most players know that Cyberpunk 2077 isn’t available on mobile. However, similar malware was discovered on a Windows edition of the game last month.
TechRadar reports that this ransomware also uses the CoderWare name but is actually a variant of BlackKingdom malware that was circulating earlier in the year. So far it is unclear if files that have been encrypted in this Windows scam can be decrypted without paying.
While most people are savvy enough to know a suspicious website when they see one, this is a good reminder to double-check the legitimacy of any sites before you download content from them.
Unless CD Projekt Red suddenly decides to drop Cyberpunk 2077 on mobile these are the only platforms the game is officially available on: Google Stadia, PC, PS4, PS5, Xbox Series X/S and Xbox One.