
Fake Hamster Kombat (Dropper) – Malware

January 30, 2025
in Malware

Fake Hamster Kombat

Type of Malware

Dropper

Date of Initial Activity

2024

Motivation

Financial Gain

Attack Vectors

Phishing

Targeted Systems

Android

Overview

As the popularity of the mobile game Hamster Kombat skyrockets, it has become a prime target for cybercriminals eager to exploit its user base. According to a recent ESET Research report, malicious actors are taking advantage of public interest in the game by distributing malware under the guise of game-related tools and apps. Both Android and Windows users have been affected by these campaigns, with spyware and infostealers being deployed through unofficial channels. Here is a detailed look at how this malware operates and the risks it poses to users.

Targets

Individuals

How they operate

The recent wave of cyberattacks targeting Hamster Kombat players is a testament to how cybercriminals exploit popular apps and games for malicious purposes. These attacks are multifaceted, affecting both Android and Windows users through various techniques. Here’s a deep dive into the technical mechanisms of the Ratel spyware on Android and the Lumma Stealer infostealer on Windows, and how these malware variants operate under the guise of game-related tools.

Android Malware: Ratel Spyware’s Technical Capabilities

The Ratel spyware is a sophisticated piece of malware that has been disguised as a version of the Hamster Kombat game and distributed via unofficial Telegram channels. Once installed, the app initiates its attack by requesting two key permissions: notification access and the ability to become the device’s default SMS application. These permissions are critical to the malware’s functionality, allowing it to intercept and manipulate sensitive data.

  • Notification Access: With this permission, Ratel gains the ability to monitor all notifications that appear on the infected device. This includes notifications from banking apps, messaging services, and authentication services that use two-factor authentication (2FA). By capturing this data, the malware operators can steal sensitive information such as one-time passwords (OTPs) and account recovery codes, which are essential for bypassing security barriers.
  • Default SMS Application: The second permission requested by Ratel is to become the default SMS handler. This allows the malware to intercept, read, and send SMS messages. By controlling SMS functionality, the attackers can intercept authentication codes sent via SMS, steal transactional information, and even send premium-rate SMS messages, effectively siphoning funds from the victim’s account.

After gaining these permissions, the malware operates silently in the background, monitoring both incoming and outgoing messages and notifications. In some cases, it can send SMS messages to services without the user’s knowledge, subscribing them to premium services and incurring charges on their behalf. Additionally, Ratel can exfiltrate data back to a command-and-control (C2) server, enabling attackers to monitor the victim’s activity remotely.
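As an added defensive example (not code from the page or from the ESET report), the following Python triage script parses a decoded AndroidManifest.xml, as apktool would emit it, and flags the permission combination described above: a notification listener service together with SMS permissions or a claim to handle SMS_DELIVER, which is what a default SMS app must declare. The sample manifest and the package name com.example.fakegame are constructed placeholders, not taken from any real sample.

```python
# Added example: flag the notification-listener + SMS-handler combination
# described in the text in a decoded AndroidManifest.xml (apktool output).
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
SMS_DELIVER_ACTION = "android.provider.Telephony.SMS_DELIVER"  # default SMS app receiver
SMS_PERMISSIONS = {"android.permission.RECEIVE_SMS",
                   "android.permission.READ_SMS",
                   "android.permission.SEND_SMS"}

# Constructed sample manifest (placeholder package name), modelled on the two
# capabilities the text describes; it is not a real Ratel sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".NotifSvc"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <receiver android:name=".SmsRx" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter>
        <action android:name="android.provider.Telephony.SMS_DELIVER"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(manifest_xml: str) -> dict:
    """Return the capabilities found and whether the risky combination is present."""
    root = ET.fromstring(manifest_xml)
    name_attr = ANDROID_NS + "name"
    requested = {e.get(name_attr) for e in root.iter("uses-permission")}
    # A notification listener is a <service> guarded by the BIND_* permission.
    listens_notifications = any(
        s.get(ANDROID_NS + "permission") == NOTIFICATION_LISTENER for s in root.iter("service"))
    # Claiming SMS_DELIVER is required to be offered as the default SMS app.
    claims_default_sms = any(a.get(name_attr) == SMS_DELIVER_ACTION for a in root.iter("action"))
    sms_perms = sorted(requested & SMS_PERMISSIONS)
    return {
        "package": root.get("package"),
        "notification_listener": listens_notifications,
        "default_sms_handler": claims_default_sms,
        "sms_permissions": sms_perms,
        # Flag only the combination the text describes, not either capability alone.
        "suspicious": listens_notifications and (claims_default_sms or bool(sms_perms)),
    }
```

Either capability alone has legitimate uses (a messaging app, a smartwatch companion), so the check scores the combination rather than a single permission.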

Windows Malware: Lumma Stealer’s Infostealing Techniques

On the Windows platform, cybercriminals are distributing the Lumma Stealer through GitHub repositories and websites that claim to offer farm bots and auto-clickers for Hamster Kombat. These tools are designed to appeal to players who seek to automate repetitive tasks in the game. However, instead of providing legitimate functionality, these tools harbor a potent infostealer designed to siphon sensitive data from compromised systems. The Lumma Stealer is a modular infostealer that is primarily used to harvest information related to cryptocurrency wallets, login credentials, browser data, and system information. It operates through the following mechanisms:

  • Credential Harvesting: Lumma Stealer specifically targets browsers and applications that store login credentials. It can extract saved usernames and passwords from browser password managers, including Google Chrome, Mozilla Firefox, and Microsoft Edge. These credentials are packaged and sent back to the C2 server, where they can be used to access the victim’s online accounts.
  • Cryptocurrency Wallet Theft: Given that many Hamster Kombat players are interested in cryptocurrency, Lumma Stealer focuses on stealing cryptocurrency wallets. It targets popular wallet applications, extracting wallet keys and sensitive data that enable attackers to drain the victim’s cryptocurrency assets.
  • Two-Factor Authentication (2FA) Bypass: Lumma Stealer also targets 2FA browser extensions, which are often used to enhance security during login processes. By stealing backup codes and bypass mechanisms, the malware makes it easier for attackers to break into accounts that use 2FA, significantly increasing the damage they can inflict.

Lumma Stealer is delivered in various ways through the GitHub repositories identified by ESET Research. These repositories either contain the malware directly in the release files or link to external file-sharing services where the malware is hosted. Once executed, the malware runs silently in the background, collecting data and sending it to its operators.

Malware-as-a-Service: Lumma Stealer’s Ecosystem

What sets Lumma Stealer apart from traditional malware is its widespread availability through malware-as-a-service (MaaS) platforms. Cybercriminals can easily acquire the malware from the dark web or Telegram channels for a fee. This model enables attackers with little technical skill to deploy sophisticated malware campaigns. Once installed, Lumma Stealer establishes communication with a C2 server, sending the stolen information in encrypted form to evade detection by antivirus solutions and firewalls. The modular design of Lumma allows its operators to continually update and modify its capabilities, making it adaptable to different environments and targets. Additionally, Lumma’s cryptors (tools that obscure malware signatures) play a vital role in preventing detection, allowing it to bypass security measures and deliver its payload undetected.

Conclusion: A Cautionary Tale for Users

The Hamster Kombat malware campaigns reveal how opportunistic cybercriminals exploit popular apps and games to distribute malware, often through unofficial channels. Both the Ratel spyware on Android and the Lumma Stealer on Windows demonstrate the technical sophistication behind these attacks, from gaining unauthorized permissions on mobile devices to exfiltrating sensitive data from desktop systems. Users must be vigilant when downloading apps or tools from unofficial sources, as they are often vectors for malware distribution. Maintaining up-to-date antivirus software, being cautious with app permissions, and avoiding untrusted websites can help mitigate the risk of falling victim to these malicious campaigns. As malware continues to evolve, proactive security measures remain the best defense against these sophisticated attacks.

References:
  • ESET Research: Hamster Kombat game misused by cybercriminals as spyware and infostealer
Tags: Android, Cybercriminals, Droppers, ESET Research, Fake Hamster Kombat, Hamster Kombat, Lumma Stealer, Malware, Ratel, Windows