Cybercriminals are exploiting the growing popularity of the mobile game Hamster Kombat to infect people with malware, adware and infostealers, experts warn.
ESET researchers claim to have observed activity against both Android and Windows users. The game has over 250 million active participants.
Hamster Kombat is a mobile game that launched in March 2024 and is built within the instant messaging platform Telegram, which is also the only place where people can play it. To play Hamster Kombat, a player must open and activate the appropriate Telegram bot channel. In the game, the player is tasked with doing simple things like tapping the screen continuously. This rewards them with virtual money that should eventually be converted into the HMSTR cryptocurrency.
Fake apps for Android and Windows
Since the game is relatively new and only available on Telegram, cybercriminals saw it as an opportunity to deliver fake games to unsuspecting victims and make some money in the process. ESET says it has seen multiple examples of such games, including one where a fake Android game called HAMSTER EASY is being distributed online. This application contains no legitimate functionality and instead drops the Ratel Android spyware, which entices the victim to subscribe to premium services and steal their money.
In a separate example, Windows users were attacked with a fake game that ultimately used the Lumma Stealer. This one is potentially even more disruptive, as we can safely assume that many of the Hamster Kombat players are also cryptocurrency holders. Therefore, the Lumma Stealer can steal cryptocurrency wallet credentials, leading to their wallets being emptied.
If you are interested in the game Hamster Kombat, make sure to play it only through the official Telegram channel.
Through BleepingComputer