250 Million Hamster Kombat Players Targeted Via Android And Windows Malware

Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very well-liked among gamers who use cryptocurrencies because of the potential rewards of a brand-new cryptocoin that the developers intend to launch. 

The game’s success has spawned numerous copycats with similar names, icons, and gameplay mechanics. While these imitations appear benign, they aim to profit from in-app advertising. 

The popularity of Hamster Kombat has created openings for cybercriminals. Fake app stores target Android users, offering malware disguised as the game that bombards them with ads.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

Windows users are at risk from GitHub repositories distributing malicious farm bots and auto-clickers laced with Lumma Stealer malware for credential theft.  

Researchers discovered malware distributed through unofficial channels, including fake Hamster Kombat apps and game automation tools that actually steal user information, targeting both Android and Windows devices, highlighting the risks of downloading apps from unofficial sources. 

The game’s token, HMSTR, will be distributed on The Open Network (TON) based on in-game performance metrics like profit per hour, unlike Notcoin’s airdrop, which rewarded total score, emulating Notcoin’s successful token launch on TON in May 2024 and aiming to replicate its achievement in the crypto-gaming space. 

It has been found that Android malware, including spyware (Ratel) and fake app stores with unwanted ads, might encounter repositories containing Lumma Stealer cryptors.

While the game itself seems safe, cybersecurity experts warn of potential financial risks associated with “play-to-earn” mechanics. 

ESET researchers discovered Ratel, an Android spyware disguised as Hamster Kombat, on Telegram, which steals notifications and sends SMS messages to steal money from the victim. 

It hides notifications from over 200 apps to prevent the victim from discovering suspicious activities. Ratel also communicates with a C&C server to receive instructions and potentially upload intercepted notifications.  

Hamster Kombat, a popular Telegram clicker game with a promised cryptocoin, has attracted malicious actors, while Android spyware Ratel disguised as Hamster Kombat on Telegram steals notifications and sends SMS messages. 

Fake app stores impersonating legitimate ones also deliver unwanted advertisements.

For Windows users, GitHub repositories offering farm bots and autoclickers contain Lumma Stealer malware, which steals cryptocurrency wallets, user credentials, and other sensitive information.

Lumma Stealer malware uses different encryption methods for C++, Go, and Python applications.

The C++ variant embeds RC4 encrypted Lumma Stealer and injects it into RegAsm.exe.

The Go variant uses AES-GCM encryption and leverages obfuscated code from go_libpeconv to perform process hollowing. 

The Python variant presents a fake installer, downloads a password-protected archive containing a cryptor with Lumma Stealer upon user consent, and sends timestamps to a C&C server that likely forwards the data to the operators’ Telegram account.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo