Hamster Kombat Players Targeted in a New Malware Spreading Scheme

Hamster Kombat Tap-Game Players Targeted in Malware Spreading
Another scam campaign based on Hamster Kombat

Players of Hamster Kombat have become prime targets for scammers promoting phishing schemes aimed at those looking for easy earnings. Malicious actors steal confidential data and infect inattentive players with malware. Due to the technical aspects of Hamster Kombat, these fraudulent schemes are highly successful.


ESET researchers have discovered a series of successful scams built on the popularity of the game Hamster Kombat. As with any potential opportunity to make easy money, this game has attracted two audiences – those looking to get rich quickly and those looking to profit from them, i.e., scammers. The latter use phishing websites to spread spyware, primarily Ratel to Android users and Lumma Stealer to Windows users.

For those who may not know, Hamster Kombat is a game where the main activity is tapping the smartphone screen and completing simple tasks. For these actions, the developers promise to eventually reward players with a new virtual cryptocurrency token based on TON, which they plan to release sometime soon. Since the game’s release, more than 250 million players have joined the project. For comparison, Hamster’s Telegram channel alone had 53 million users at the time of writing.

The game sparked heated discussion about data safety earlier this year, mainly due to its Russian origins. We have a separate article analyzing Hamster Kombat’s Russian ancestry and its possible outcomes.

How Does the Scam Work?

The main thing that makes users follow shady guides and do what the malicious instructions say is the wish to automate the Hamster Kombat gameplay. To that end, fraudsters offer a third-party app for download that is, as you could have guessed, malicious. It’s worth remembering that Hamster Kombat operates exclusively through a Telegram bot and only within Telegram on mobile devices. This means there are no stand-alone apps for iOS, Android, or especially for Windows. Additionally, the only official accounts are on YouTube, X (Twitter), and Telegram; claims of an official presence anywhere else are another popular trick fraudsters use to lull users’ vigilance.

Hamster Kombat Malware Scam – Main Course

This desperation drives players to visit phishing sites and install malicious applications. For example, enterprising scammers have created a Telegram channel called HAMSTER EASY, where they distribute an app named Hamster.apk. The channel is entirely in Russian, and almost every post contains grammatical errors. The app, however, is in fact Ratel spyware, which automatically sets itself as the default SMS app.

Telegram channel spreads Android malware (Source: ESET)

On top of that, the app abuses notification access permissions. With these capabilities and privileges, Ratel can intercept all messages and notifications and hide them from the user. Further, the spyware uses SMS to communicate with its “control server”, which is in fact just the cybercriminals’ phone.
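A defender-side check for the two privileges described above, as an added example that is not from ESET's research or the original article: it parses the values of the Android settings `sms_default_application` and `enabled_notification_listeners` and flags packages outside an allowlist. The package names, component names and allowlist are constructed, and since newer Android versions track the default SMS handler as a role, the first setting is an assumption about where that value is stored.

```python
# Added example: audit the two Android privileges the described spyware relies on.
# Live values can be read from a connected device with:
#   adb shell settings get secure sms_default_application
#   adb shell settings get secure enabled_notification_listeners

# Constructed allowlist: packages the device owner expects to hold these privileges.
TRUSTED_SMS_APPS = {"com.google.android.apps.messaging"}
TRUSTED_LISTENERS = {"com.google.android.projection.gearhead"}


def parse_listeners(raw):
    """Return package names from the colon-separated 'package/class' component list."""
    raw = (raw or "").strip()
    if raw in ("", "null"):
        return []
    packages = []
    for component in raw.split(":"):
        package = component.split("/", 1)[0].strip()
        if package and package not in packages:
            packages.append(package)
    return packages


def audit(sms_default, listeners_raw, trusted_sms=TRUSTED_SMS_APPS, trusted_listeners=TRUSTED_LISTENERS):
    findings = []
    sms_default = (sms_default or "").strip()
    listeners = parse_listeners(listeners_raw)
    if sms_default and sms_default != "null" and sms_default not in trusted_sms:
        findings.append(("unexpected-default-sms-app", sms_default))
    for package in listeners:
        if package not in trusted_listeners:
            findings.append(("unexpected-notification-listener", package))
    # Pattern from the article: one sideloaded app holding both privileges at once.
    if sms_default in listeners and sms_default not in trusted_sms:
        findings.append(("sms-handler-also-reads-notifications", sms_default))
    return findings


# Constructed sample values (not taken from a real infection).
SAMPLE_SMS_DEFAULT = "com.example.hamsterhelper"
SAMPLE_LISTENERS = (
    "com.google.android.projection.gearhead/com.example.constructed.Listener:"
    "com.example.hamsterhelper/.NotifyService"
)

if __name__ == "__main__":
    for kind, package in audit(SAMPLE_SMS_DEFAULT, SAMPLE_LISTENERS):
        print(f"{kind}: {package}")
```

Any finding is a prompt to review the app in Settings and, if it was sideloaded, to restore the stock SMS app and revoke notification access before uninstalling it.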

Another method of spreading this spyware is through phishing websites styled to look like official app stores. Researchers have identified two such sites, “hamsterkombat-ua.pro” and “hamsterkombat-win.pro”. Unlike the page that spreads Ratel spyware, these two are in Ukrainian and obviously target the Ukrainian player base.

Fake websites

As I have repeatedly emphasized, Hamster Kombat operates exclusively on mobile devices. However, crafty scammers have developed a Windows application. Researchers discovered GitHub repositories offering auto-clickers and automation tools for leveling up in the game. However, the developers neglected to mention that this software comes with a bonus: Lumma Stealer. This malware is spread in several versions, including C++, Go, and Python, with the latter even featuring a graphical installer interface. Consider reading our detailed research on this malware.

Moreover, numerous clones have appeared online, such as muskempire_bot and Simple_Tap_Bot. These bots are heavily promoted in the comments under videos related to Hamster Kombat on social media, promising easy earnings. Instead, they steal users’ time, personal data, and in some cases, even their money.

Clone bots

How To Avoid This Scam

To avoid falling victim to scams related to Hamster Kombat, it is essential to remember two rules:

  • The game operates only within the Telegram app on mobile devices.
  • There are no legitimate ways to automate the game’s process through software. At the very least, the developers have claimed to patch any possible auto-click bots and have threatened to wipe the accounts of those who use them.

Based on this, players should avoid any software related to this game, regardless of the platform. Additionally, avoid websites that disguise themselves as Hamster Kombat but are not announced on the official game pages.


By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.
