Hackers Mimic Hamster Kombat to Spread Malware
Cybercriminals are exploiting the popularity of the Hamster Kombat mobile game by distributing fake clones to steal user information. The malicious apps are being spread primarily through Telegram and spoof websites, targeting players looking for the official game.
The game, launched in March 2024, has attracted over 250 million players, primarily due to its unique gameplay and the promise of a new TON-based cryptocurrency token, which will be released and tied to the game later this year.
The official version of the game is distributed via an official Telegram channel. Players need to join the channel and scan the QR code provided to launch the web app on their Android devices. This has made it a soft target for threat actors to spread malicious copycat apps via spoofed Telegram channels and websites.
Cybersecurity firm ESET released a report identifying multiple such threats. Amongst others, the researchers found a Telegram channel named “HAMSTER EASY” is distributing a malicious APK file, Hamster.apk, which contains the Ratel spyware. This malware intercepts SMS and device notifications and subscribes victims to premium services without their knowledge.
Additionally, fake websites like “hamsterkombat-ua.pro” and “hamsterkombat-win.pro” are being used to redirect users to advertisements or malicious content. These sites mimic the Google Play interface, further deceiving users into believing they are downloading legitimate software.
ESET’s research also uncovered that Windows users are being targeted through malicious GitHub repositories offering supposed farming bots for the game. These repositories contain various versions of Lumma Stealer, a type of malware that can steal personal information.
“The GitHub repositories we found either had the malware available directly in the release files or contained links to download it from external file-sharing services,” the ESET report stated.
Users interested in the Hamster Kombat project are advised to make sure that they only access the game through its official Telegram channel or website.
This kind of attack aimed at the gaming community is not without precedent. Earlier this year, it was revealed that Activison is investigating infostealer malware targeting Call of Duty players. In a similar case last year, modified versions of Super Mario 3: Mario Forever were caught distributing trojan malware on Windows PCs.
React to this headline: