Cybercriminals are tapping into the growing popularity of the Hamster Kombat mobile game to infect people with malware, adware, and infostealers, experts have warned.
Researchers from ESET claim to have observed activity against both Android and Windows users, with the game boasting more than 250 million active participants.
Hamster Kombat is a mobile game, launched in March 2024, that is built within the instant messaging platform Telegram, which is also the only place where people can play it. To run Hamster Kombat, a player needs to open the right Telegram bot channel and activate it. In the game, the player is tasked with simple things such as tapping on the screen incessantly. This rewards them with virtual money, which should, at some point, translate to the HMSTR cryptocurrency.
Fake apps for Android and Windows
Since the game is relatively new, and only available on Telegram, cybercriminals saw it as an opportunity to deliver fake games to unsuspecting victims and thus earn some money. ESET says it saw multiple such examples, including one in which a fake Android game called HAMSTER EASY was being distributed online. This application does not contain any legitimate functionality; instead, it drops the Ratel Android spyware, which subscribes the victim to premium services and steals their money that way.
In a separate example, Windows users were targeted with a fake game that ended up deploying the Lumma Stealer. This one is potentially even more disruptive, since it’s safe to assume that many Hamster Kombat players are also cryptocurrency holders, and the Lumma Stealer can steal cryptocurrency wallet data, resulting in their wallets being emptied.
If you are interested in the Hamster Kombat game, make sure to only access it via the official Telegram channel.
Via BleepingComputer