Hamster Kombat players targeted with malware attacks — millions of gamers potentially at risk

Telegram game already has more than 250 million players

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals are tapping into the growing popularity of the Hamster Kombat mobile game to infect people withmalware, adware, and infostealers, experts have warned.

Researchers from ESET claim to have observed activity against both Android and Windows users, with the game boasting more than 250 million active participants.

Hamster Kombat is a mobile game that launched in March 2024 built within the instant messaging platform Telegram, which is also the only place where people can play it. To run Hamster Kombat, a player needs to open the right Telegram bot channel and activate it. In the game, the player is tasked with simple things such as tapping on the screen incessantly. This rewards them with virtual money which should, at some point, translate to the HMSTR cryptocurrency.

Fake apps for Android and Windows

“Android users are automatically protected against known versions of this malware byGoogle Play Protect, which is on by default on Android devices withGoogle PlayServices.GooglePlay Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play,” a Google spokesperson toldTechRadar Proin a statement.

Since the game is relatively new, and only available on Telegram, cybercriminals saw it as an opportunity to deliver fake games to unsuspecting victims and thus earn some money. ESET says it saw multiple such examples, including one where a fake Android game called HAMSTER EASY is being distributed online. This application does not contain any legitimate functionality, and instead drops the Ratel Android spyware, which subscribes the victim to premium services and steals their money that way.

In a separate example, Windows users were targeted with a fake game that ended up deploying the Lumma Stealer. This one is potentially even more disruptive, since it’s safe to assume that many of the Hamster Kombat players are also cryptocurrency holders. Therefore, the Lumma Stealer can steal cryptocurrency wallet data, resulting in their wallets being emptied.

If you are interested in the Hamster Kombat game, make sure to only access it via the official Telegram channel.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Red One isn’t perfect but it proves we need more action-packed Christmas movies