ESET Research: Hamster Kombat game misused by cybercriminals as spyware and infostealer

Created: 2024-07-25 07:37:27

  • The Hamster Kombat game’s success has attracted malicious actors trying to abuse public interest in the game for monetary gain.
  • ESET researchers discovered Android spyware named Ratel pretending to be Hamster Kombat, distributed via an unofficial Telegram channel.
  • Android users are also targeted by fake app stores claiming to offer the game but delivering unwanted advertisements instead.
  • Windows users can encounter GitHub repositories offering farm bots and auto-clickers that actually contain Lumma Stealer infostealer cryptors.

BRATISLAVA, KOŠICE, July 23, 2024 — In the past few months, the Telegram clicker game Hamster Kombat has taken the world of cryptocurrency game enthusiasts by storm. As was to be expected, the success of Hamster Kombat has also brought out cybercriminals, who have already started to deploy malware targeting the players of the game. ESET Research has uncovered threats going after both Android and Windows users. Exposing the risks of trying to obtain games and related software from unofficial sources, ESET found several threats: remotely controlled Android malware distributed through an unofficial Hamster Kombat Telegram channel, fake app stores that deliver unwanted advertisements, and GitHub repositories distributing Lumma Stealer infostealer cryptors for Windows devices while claiming to offer automation tools for the game.

“Even though gameplay, which mostly entails repeatedly tapping the screen of one’s mobile device, might be rather simple, players are after something more: the possibility of earning big once Hamster Kombat’s creators unveil the promised new cryptocoin tied to the game. Unfortunately, we discovered that cybercriminals have also started to capitalize on Hamster Kombat’s popularity,” explains ESET researcher Lukáš Štefanko, who discovered and analyzed the Hamster Kombat threats.

Due to its success, the game has already attracted countless copycats that replicate its name and icon and have similar gameplay. Luckily, none of the early examples we found were malicious, but they nevertheless aim to make money from in-app advertisements.

ESET has identified and analyzed two types of threats targeting Android users: a malicious app that contains the Android spyware Ratel and fake websites that impersonate app store interfaces claiming to have Hamster Kombat available for download. ESET researchers found a Telegram channel distributing Android spyware, named Ratel, disguised as Hamster Kombat. This malware is capable of stealing notifications and sending SMS messages. The malware operators use this functionality to pay for subscriptions and services with the victim’s funds, without the victim noticing. Upon startup, the app requests notification access permission and asks to be set as the default SMS application. Once these permissions are granted, the malware gets access to all SMS messages and is able to intercept all displayed notifications.

Even though Hamster Kombat is a mobile game, ESET also found malware abusing the game’s name to spread on Windows. Cybercriminals try to entice Windows users with auxiliary tools that claim to make maximizing in-game profits easier for players. ESET research revealed GitHub repositories offering Hamster Kombat farm bots and auto-clickers, which are tools that automate clicks in a game. These repositories actually turned out to be concealing the infamous Lumma Stealer. The GitHub repositories we found either had the malware available directly in the release files or contained links to download it from external file-sharing services. ESET identified three different versions of Lumma Stealer lurking within the repositories.

Lumma Stealer is an infostealer offered as malware-as-a-service, available for purchase on the dark web and on Telegram. First observed in 2022, this malware is commonly distributed via pirated software and spam and targets cryptocurrency wallets, user credentials, two-factor authentication browser extensions, and other sensitive information. Note that Lumma Stealer’s capabilities are not covered in this research since the focus is on the cryptors that deliver this infostealer, not on the infostealer itself.

“Hamster Kombat’s popularity makes it ripe for abuse, which means that it is highly likely that the game will attract more malicious actors in the future,” concludes Štefanko.

For more technical information about Hamster Kombat-related threats, read the blog post “The tapestry of threats targeting Hamster Kombat players” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Figure: Example GitHub repository spreading Lumma Stealer via an “offer” for a farm bot

About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.
