Hamster Kombat players targeted with malware attacks — millions of gamers potentially at risk


Cybercriminals are tapping into the growing popularity of the Hamster Kombat mobile game to infect people with malware, adware, and infostealers, experts have warned.

Researchers from ESET claim to have observed activity against both Android and Windows users of the game, which boasts more than 250 million active participants.

Hamster Kombat is a mobile game, launched in March 2024, that is built within the instant messaging platform Telegram, which is also the only place where people can play it. To run Hamster Kombat, a player needs to open the right Telegram bot channel and activate it. In the game, the player is tasked with simple things such as tapping on the screen incessantly. This rewards them with virtual money which should, at some point, translate to the HMSTR cryptocurrency.

Fake apps for Android and Windows

"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play," a Google spokesperson told TechRadar Pro in a statement.

Since the game is relatively new, and only available on Telegram, cybercriminals saw it as an opportunity to deliver fake games to unsuspecting victims and thus earn some money. ESET says it saw multiple such examples, including one where a fake Android game called HAMSTER EASY is being distributed online. This application does not contain any legitimate functionality, and instead drops the Ratel Android spyware, which subscribes the victim to premium services and steals their money that way.

In a separate example, Windows users were targeted with a fake game that ended up deploying the Lumma Stealer. This one is potentially even more disruptive, since it’s safe to assume that many of the Hamster Kombat players are also cryptocurrency holders. The Lumma Stealer can steal cryptocurrency wallet data, which can result in victims' wallets being emptied.

If you are interested in the Hamster Kombat game, make sure to only access it via the official Telegram channel.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.