TL;DR: Not for the first time, cybercriminals are exploiting the popularity of a video game by releasing a fake mobile version that's actually ransomware. On this occasion, the title in question is Cyberpunk 2077, but there's a way for victims to unlock their devices without paying.
There is, of course, no mobile version of Cyberpunk 2077; the ambitious title struggles enough on the PS4 and Xbox One consoles, so an Android/iOS port would be a big ask.
As noted by Tatyana Shishkova, an Android malware analyst at Kaspersky, unscrupulous types are taking advantage of less knowledgeable users by creating a fake website designed to look like the Google Play Store, where unsuspecting visitors can download ‘Cyberpunk 2077 Mobile.’
New Android #Ransomware disguised as #Cyberpunk2077 game.
Downloaded from fake website imitating Google Play Store.
Family: CoderWare/BlackKingdom https://t.co/JBudDP6vG1 pic.twitter.com/TdM4SAkFWl
— Tatyana Shishkova (@sh1shk0va) December 16, 2020
Anyone whose common sense is blinded by the prospect of playing Cyberpunk on their phone is in for a nasty surprise. The file is actually ransomware called CoderWare, a variant of the BlackKingdom ransomware. Like other ransomware, it encrypts a device’s contents. Victims are given 10 hours to pay $500 worth of bitcoin before everything is deleted permanently.
Shishkova notes that there is a way to decrypt the contents without paying the ransom, and paying doesn’t always guarantee you'll receive the decryption key anyway. Thankfully, the CoderWare ransomware contains a hardcoded key, which allows a decryptor to recover the files.
❗️ RC4 algorithm with hardcoded key (in this example - "21983453453435435738912738921") is used for encryption. That means that if you got your files encrypted by this #ransomware, it is possible to decrypt them without paying the ransom. https://t.co/Lj1hD1SvRK
— Tatyana Shishkova (@sh1shk0va) December 17, 2020
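Why the hardcoded key matters, as an added Python example (not the ransomware's code and not any published decryptor): RC4 is symmetric, so the key embedded in the sample decrypts whatever it encrypted. It assumes the key is used as ASCII bytes and that each file is RC4-encrypted whole with no header, neither of which the page confirms; `recover` and `looks_recovered` are hypothetical helper names.

```python
# Added illustration: RC4 is a symmetric stream cipher, so the key embedded in
# the sample is the same key that undoes the encryption.

# Key quoted in the tweet above. Treating it as ASCII bytes is an assumption.
HARDCODED_KEY = b"21983453453435435738912738921"


def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key` (KSA followed by PRGA)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:                               # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """XOR `data` with the keystream; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def recover(ciphertext: bytes, key: bytes = HARDCODED_KEY) -> bytes:
    """Recover plaintext, assuming the whole buffer was RC4-encrypted as-is."""
    return rc4(key, ciphertext)


def looks_recovered(data: bytes) -> bool:
    """Sanity check before overwriting anything: known file magic present?"""
    magics = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"%PDF-", b"PK\x03\x04")
    return data.startswith(magics)


if __name__ == "__main__":
    # Constructed sample: a fake JPEG header plus filler, not a real victim file.
    original = b"\xff\xd8\xff\xe0" + b"constructed sample photo bytes" * 4
    locked = rc4(HARDCODED_KEY, original)     # what a static-key scheme produces
    restored = recover(locked)
    assert locked != original and restored == original and looks_recovered(restored)
    print("recovered", len(restored), "bytes with the embedded key")
```

Checking for a known file header before replacing an encrypted file guards against the case where the key or the assumed layout differs between samples.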
You can see the hardcoded key in the ransomware’s source code below.
Malware posing as mobile versions of games isn’t something new. Last year saw a fake Apex Legends app that was an adware downloader. Its popularity was boosted by YouTube videos containing links to this fake mobile version. EA says Apex Legends is coming to mobile, but not until next year.
The latest bit of bad news for the real Cyberpunk 2077 is that crafting too many items can corrupt your save files.