Malware operators prey on massive popularity of Hamster Kombat game
Threat actors are taking advantage of the huge popularity of the Hamster Kombat clicking game to distribute malware. The game boasts over 250 million players globally since launching in March 2024. It operates on Android devices and requires players to join its Telegram channel and launch a web app to play.
This massive userbase of over 53 million users on Telegram has made Hamster Kombat players an attractive target for cybercriminals. They are distributing fake Android and Windows software carrying spyware and information stealers.
Malicious Android apps distributed on Telegram, fake websites
On Telegram, threat actors use channels like “HAMSTER EASY” to distribute malicious Android packages (APKs) disguised as the game. ESET analyzed one such APK, which contained the sneaky Ratel Android spyware instead of any game files.
Ratel can intercept text messages and notifications to quietly subscribe victims to premium services without their knowledge, giving the operators a cut. To avoid detection, it blocks notifications from 200 common apps.
Fake websites mimicking legitimate stores, like “hamsterkombat-ua.pro”, redirect visitors to ad farms. According to ESET, this is how these malware distributors generate revenue.
Windows users also targeted, Lumma Stealer distributed
The scams expand beyond Android – ESET found Lumma Stealer info-stealing malware distributed on GitHub under the pretense of Hamster Kombat “farming bots”. Some releases held the cryptor directly, while others linked to external downloads.
“The GitHub repositories we found either had the malware available directly in the release files, or contained links to download it from external file-sharing services,” reads ESET’s report.
Three variants were used – C++, Go and Python versions. The Python one came packaged neatly as a graphical installer to conceal the malware before finishing installation.
Notes of caution for would-be Hamster Kombat players
Interested users are advised to only get the genuine game from its official Telegram channel or website. However, even the real game lacks scrutiny since it’s unavailable on official app stores. No whitepaper or token details have materialized either.
Clone apps on stores like duplicate withdrawal fees and scam users. All Hamster Kombat copies from any source should be met with distrust, as most are likely fraudulent if not outright malware distributors. Cryptocurrency gaming project lists from reputable sources can help identify safer options.
As long as the hype around Hamster Kombat continues, cybercriminals will exploit fans with malware. Players must exercise extreme caution while the project works to strengthen security and transparency. Following its progress directly is recommended over risky third parties.