Not CrowdStrike – Kombat Hamsters

Not all the news this week is going to be about a global company messing up their updates!

Threat actors are always looking for the quickest and easiest way to reach the greatest number of victims – that is how their “business model” works! So a game with 250 million users is an obvious target for exploitation.

Hamster Kombat’s 250 million players targeted in malware attacks (bleepingcomputer.com)

The game has grown in popularity because of the promise of earning a soon-to-be-launched cryptocurrency by playing it.

The game is not available via the regular app stores. Players get the game by first joining Telegram – the hackers’ favourite communication tool – and then scanning a QR code supplied by the game’s developers to launch the web app on an Android phone.

Please note that the developers of Hamster Kombat are a legitimate company; however, the method of distribution they have chosen – probably to avoid having to pay app store fees – is open to easy abuse and exploitation by threat actors. Unwary users searching Telegram for the official Hamster Kombat channel could easily be lured into fake channels.

The threat does not stop at Android platforms; there have been instances of “Hamster Kombat bait” being offered on Windows as well.

Your Takeaway

Do any of your people play Hamster Kombat on their Android devices and do they access your organisation’s information on the same phones?

Are you using Bring Your Own Device – BYOD – to save money?

Do you have a Bring-Your-Own-Device policy?

Do you need help?

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading