
PSA: Fake “mobile app” of Cyberpunk 2077 is being distributed as ransomware, don’t download it


Despite the lackluster performance and controversial reception of Cyberpunk 2077, there are still eager gamers willing to get their hands on this game by any means. Recently, some cybercriminals have been exploiting this opportunity and the game's popularity by releasing a fake mobile version that is actually ransomware.

Before continuing, be aware that there is currently no mobile version of Cyberpunk 2077 and no Android/iOS port, so any Android app or installer uploaded to any website is fake and is malware disguised as the game.

Earlier this week, Kaspersky Android malware analyst Tatyana Shishkova discovered Android ransomware masquerading as a mobile version of the Cyberpunk 2077 game.

A fake website disguised to look like Google’s Play Store was offering a mobile version of CDPR’s latest title, but that version actually installed ransomware on the victim’s mobile device.


This new ransomware has been dubbed Coderware, and once it infects a mobile device, the device's contents are fully encrypted.

However, this ransomware uses a “hardcoded key”, which means that a decryptor can be used to recover files without paying the ransom the cybercriminals demand. According to the ransomware instructions, affected victims have only 10 hours to send $500 worth of bitcoins to the attackers, or else their encrypted files will be permanently deleted.

“RC4 algorithm with hardcoded key (in this example – “21983453453435435738912738921”) is used for encryption. That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom.”

The hardcoded key ‘21983453453435435738912738921’ appears in the ransomware's source code.
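
Why a hardcoded RC4 key makes recovery possible, as an added example (not code from this article, Kaspersky, or the malware): RC4 is symmetric, so applying the same keystream to the ciphertext restores the plaintext. It assumes the key string is used as ASCII bytes and that whole files are encrypted with plain RC4, neither of which the article confirms; the signature table and function names are illustrative.

```python
# Added example: RC4 is symmetric, so the key baked into the sample also decrypts.
# Key quoted on this page; treating it as ASCII bytes is an assumption.
HARDCODED_KEY = b"21983453453435435738912738921"

# A few well-known file signatures used to sanity-check recovered plaintext.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg",
         b"%PDF-": "pdf", b"PK\x03\x04": "zip"}


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling (KSA), then keystream XOR (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def recover(blob: bytes, key: bytes = HARDCODED_KEY):
    """Decrypt a copy of an encrypted file. Returns (plaintext, type), or
    (None, None) when the result matches no known signature, so a wrong key
    or a different encryption layout never overwrites anything blindly."""
    plain = rc4(key, blob)
    for sig, kind in MAGIC.items():
        if plain.startswith(sig):
            return plain, kind
    return None, None


if __name__ == "__main__":
    # Constructed sample: a tiny fake PNG encrypted the way the quote describes.
    original = b"\x89PNG\r\n\x1a\n" + b"constructed sample image data"
    locked = rc4(HARDCODED_KEY, original)
    plain, kind = recover(locked)
    print(kind, plain == original)
```

Work on copies of the encrypted files and keep the originals until the recovered data has been verified.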


As pointed out by Tatyana Shishkova, this ransomware is the same variant as the BlackKingdom ransomware that was released in early 2020. It is also the same as one discovered by MalwareHunterTeam in November that was disguised as a Windows Cyberpunk 2077 installer.


The Windows variant was a Python-compiled executable that would encrypt the victim’s files and then append the .DEMON extension to the encrypted files’ names. It is not known at this time whether the Windows version also uses a hardcoded key.


The BlackKingdom ransomware also targeted enterprise VPNs earlier this year. As mentioned before, no mobile version of this game currently exists, so users should avoid suspicious downloads.


The best way to protect your mobile device, of course, is to not download and install unofficial software or any third-party Android app. The game is only available and playable on PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Windows PC, and Stadia.

Stay safe!