The Black Kingdom ransomware developers have been detected attempting a new strategy for spreading the dangerous malware, this time by creating virus-infected and fake Cyberpunk 2077-related files. This comes at the same time as the release of a fake Android “mobile version”, which was detected on a counterfeit Google Play Store site. At this time there is no evidence that these two instances are related; they are probably the work of independent hacking groups.
Cyberpunk 2077 Virus-Infected Files and Fakes Spread Ransomware
Now that the popular Cyberpunk 2077 has been released and users on all popular platforms have started downloading and playing it, computer hackers have decided to use this opportunity to spread dangerous viruses. The popular tactic of creating virus-infected files that appear to be related to the game is seen as effective. The hacking groups can use different mechanisms, including the following:
- Infected Installers — By far these are some of the most popular types of files that can be used for all kinds of infections, including ransomware. The reason for this is that the game is usually purchased through an online platform or download site. To install it, a setup file needs to be downloaded and started on the local computer. The ransomware code can be placed in it, and as setup files are usually launched with administrative rights, the dangerous virus will be able to deploy itself deep into the system.
- Patches, Add-Ons, and Updates — Due to the buggy initial release, the developers were quick to release updates to the game to iron out the bugs. Virus-infected copies of these updates can lead to ransomware delivery.
- Other Related Files — As with any other game, all kinds of miscellaneous game data files can also be a conduit for virus infections.
The majority of the virus-infected files have been shown to deliver the DEMON derivative of the Black Kingdom ransomware. We first reported on it in February this year; it is a typical representative of this malware category. The virus starts once it is deployed on a given computer and begins to encrypt the user’s data. During this process, depending on the current hacker configuration, it may also change important system configuration files. Such actions can lead to severe performance issues and difficulties in restoring an infected host. Black Kingdom ransomware files that pose as Cyberpunk 2077 can easily be found on most file-sharing networks, download portals, illegal sites, and similar places. These are the usual places where one can get infected.
On a related note, hackers have also taken the route of creating Android malware that makes use of the Cyberpunk 2077 release frenzy. A threat to Google’s mobile operating system has been found being distributed online by an unknown hacking group. The criminals have created fake pages that look like the Google Play Store and show a Cyberpunk 2077 Mobile game. They have created all of the necessary forms of data and designed the pages accordingly to make them believable. This was reported by Tatyana Shishkova on her Twitter profile.
As the game continues to be one of the most commented-on releases, we anticipate that other virus-infected copies of it will be made soon. For this reason, we urge extra caution when downloading game data from the Internet. Always rely on the official sources given by the developers of the game.