Cybercriminals are taking advantage of the growing popularity of the Hamster Kombat mobile game to infect people with malware, adware and data stealers, experts have warned.
ESET researchers say they have observed activity targeting Android and Windows users, and the game has over 250 million active players.
Hamster Kombat is a mobile game that was released in March 2024 and is developed within the instant messaging platform Telegram, which is also the only place where people can play it. To run Hamster Kombat, a player must open the correct Telegram bot channel and activate it. In the game, the player must perform simple tasks, such as tapping the screen incessantly. This rewards them with virtual money that should eventually be translated into the HMSTR cryptocurrency.
Fake apps for Android and Windows
Since the game is relatively new and only available on Telegram, cybercriminals saw it as an opportunity to offer fake games to unsuspecting victims and thus make some money. ESET claims to have seen several such examples, including one where a fake Android game called HAMSTER EASY is distributed online. This app contains no legitimate functionality and instead installs the Ratel spyware for Android, which subscribes the victim to premium services and steals their money that way.
In another example, Windows users were targeted with a fake game that ended up deploying the Lumma Stealer. This one is potentially even more disruptive, as it is safe to assume that many of the Hamster Kombat players are also cryptocurrency holders. The Lumma Stealer can therefore steal cryptocurrency wallet data, resulting in their wallets being emptied.
If you are interested in the Hamster Kombat game, make sure to access it only through the official Telegram channel.
Through Computer beeping