Cybercriminals have targeted users of the popular game Hamster Kombat, exploiting its broad appeal to deliver malware through seemingly legitimate apps for Android and Windows. Researchers from Anti‑Malware and ESET have identified malicious activity tied to this game ecosystem, warning that authentic looking versions can hide dangerous software.
Hamster Kombat is a clicker game where players earn virtual currency by tapping the screen. The title gained traction when it appeared on the Telegram platform, prompting opportunists to replicate its functionality. These clones flood app stores with fake versions designed to ride the wave of the original’s popularity, offering quick gains while concealing their true intent.
One widely circulated counterfeit surfaced on Google Play under the name Hamster Kombat – Earn Crypto. ESET researchers traced the attackers’ use of this counterfeit as bait to lure unsuspecting users into downloading the package.
In addition to store-based threats, some Telegram chats push malware pretending to be an enhanced edition of the game. These packages promise enhanced features and faster in‑game progression. Instead, the Hamster.apk file hosts a program known as Ratel, a tool capable of reading SMS messages, collecting device information, and automatically subscribing users to paid services without their knowledge.
Another dangerous payload has been identified under the Windows utility Lumma information shaper. Intended to help cybercriminals access accounts, this tool can be leveraged to steal Google credentials and other sensitive data from compromised machines.
Beyond the technical details, researchers emphasize the importance of user vigilance. The campaign demonstrates how attackers blend entertainment with social engineering to lower the reader’s guard. A common tactic is to offer quick rewards or enhanced capabilities, creating a sense of urgency that prompts hasty downloads.
Security teams advise several practical steps to reduce risk. First, verify the source before downloading any game or related software. Prefer official app stores and review the developer’s profile, ratings, and published updates. Second, enable device protections such as reputable mobile antivirus software, and keep the operating system and apps up to date with the latest security patches. Third, monitor device permissions. If an app requests access to SMS messages or other sensitive data beyond its core function, it should raise a red flag. Fourth, consider enabling two factor authentication on critical accounts and regularly audit connected services for unfamiliar activity.
The pattern seen in the Hamster Kombat campaigns mirrors broader dynamics in online security. Entertainment apps frequently serve as entry points for credential theft, financial fraud, and information harvesting. As attackers refine their tools, users must cultivate a cautious mindset, especially when prompted to install add-ons or share personal information.
Industry analysts also remind users that legitimate developers rarely push aggressive campaigns that promote financial gain through in‑app purchases or crypto yields. When a game promises unusually high returns for simple actions, skepticism is warranted. If a device becomes slow, experiences unusual SMS charges, or shows unexpected account activity, investigation should begin immediately.
In response to these threats, platform operators continue to tighten vetting processes, while researchers share indicators of compromise and behavioral patterns to help users recognize suspicious apps. The ongoing cooperation between security vendors, platform operators, and user communities is essential to curb the spread of malware masquerading as popular games.
Notes from public safety and tech policy discussions show a growing emphasis on user education and responsible disclosure. The aim is to foster safer digital environments where players can enjoy legitimate experiences without fearing hidden malware in entertainment apps.