Hackers Mimic Hamster Kombat to Spread Malware
Cybercriminals are exploiting the popularity of the Hamster Kombat mobile game by distributing fake clones to steal user information. The malicious apps are being spread primarily through Telegram and spoof websites, targeting players looking for the official game.
The game, launched in March 2024, has attracted over 250 million players, primarily due to its unique gameplay and the promise of a new TON-based cryptocurrency token, which will be released and tied to the game later this year.
The official version of the game is distributed via an official Telegram channel. Players need to join the channel and scan the QR code provided to launch the web app on their Android devices. This has made it a soft target for threat actors to spread malicious copycat apps via spoofed Telegram channels and websites.
Cybersecurity firm ESET released a report identifying multiple such threats. Among others, the researchers found a Telegram channel named “HAMSTER EASY” distributing a malicious APK file, Hamster.apk, which contains the Ratel spyware. This malware intercepts SMS and device notifications and subscribes victims to premium services without their knowledge.
Additionally, fake websites like “hamsterkombat-ua.pro” and “hamsterkombat-win.pro” are being used to redirect users to advertisements or malicious content. These sites mimic the Google Play interface, further deceiving users into believing they are downloading legitimate software.
ESET's research also uncovered that Windows users are being targeted through malicious GitHub repositories offering supposed farming bots for the game. These repositories contain various versions of Lumma Stealer, a type of malware that can steal personal information.
"The GitHub repositories we found either had the malware available directly in the release files or contained links to download it from external file-sharing services," the ESET report stated.
Users interested in the Hamster Kombat project are advised to make sure that they only access the game through its official Telegram channel or website.
This kind of attack aimed at the gaming community is not without precedent. Earlier this year, it was revealed that Activision is investigating infostealer malware targeting Call of Duty players. In a similar case last year, modified versions of Super Mario 3: Mario Forever were caught distributing trojan malware on Windows PCs.