Widely played Telegram-based mobile game Hamster Kombat has been exploited by threat actors to facilitate various malware attacks, reports The Record, a news site by cybersecurity firm Recorded Future.
Most pressing of the threats exploiting Hamster Kombat involved the utilization of a spoofed version of the game to deploy the Ratel payload that enabled stealthy exfiltration of notifications and bank account proceeds among Android users, according to a report from ESET. Windows users have also been targeted with GitHub repositories purporting automated clicks in Hamster Kombat but actually deliver the Lumma Stealer malware, reported ESET researchers, who also discovered the prevalence of fraudulent app stores with Hamster Kombat that download unwanted ads. Such findings follow a Kaspersky report detailing the use of Hamster Kombat in a phishing scheme that sought to compromise Russian Telegram accounts. "Hamster Kombat's popularity makes it ripe for abuse, meaning it is highly likely that the game will attract more malicious actors in the future," ESET researchers noted.
