Cyber Security @gectcr

An initiative for a secure world from Gec Thrissur.

Cyberpunk 2077 Android malware

Recently I came across an Android app that claimed to be Cyberpunk 2077. It seemed quite interesting, as CD Projekt hasn't yet announced a mobile version.

The size of the app was listed as 3.4 GB, but the actual size of the downloaded app is just 5.9 MB. The developers of the app were able to reduce the size of the app from 3.4 GB to 5.9 MB using some kind of alien technology I think.

So I installed the game in the hope of playing it on an Android device. After installation, it first asked for access to storage, which is quite common for games and apps. After I gave access, instead of starting the game, it showed a ransom note asking for $500 in bitcoin to recover the files.

Turns out it had encrypted all of the files on the device and added the .coderCrypt extension to them.

Can we recover the files?

Let's decompile the APK and see what exactly they are doing.

After decompiling the APK and analyzing it, it turns out the fake game uses RC4 to encrypt the files and, luckily for us, the key is hardcoded in the code. That makes our life much easier.

The files can be decrypted easily with any RC4 decryptor and the key. I have also written an app to decrypt all your files (use it at your own risk). And never pay the ransom; there is no guarantee that the hackers will recover your files.

https://github.com/dot-sec/Cyberpunk2077-android-malware

The GitHub repo contains the code for the decryptor, the APK file, and the malware sample.

Also, never install apps from untrusted sources.
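
The recovery step described above, sketched as an added example (this is not the decryptor from the linked repository). It assumes the malware applies plain RC4 to the whole file with no header, and `KEY` is a placeholder because the article does not print the key; `rc4` and `recover_tree` are names chosen here.

```python
import os

# Placeholder: substitute the key recovered from the decompiled APK.
KEY = b"REPLACE_WITH_KEY_FROM_APK"
EXT = ".coderCrypt"  # extension the article says the malware appends


def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4 (KSA then PRGA); decryption is the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def recover_tree(root: str, key: bytes = KEY) -> list:
    """Decrypt every *.coderCrypt file under root; return recovered paths.

    Encrypted files are left in place and existing files are never
    overwritten, so a wrong key or wrong assumption cannot destroy data.
    """
    recovered = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(EXT):
                continue
            src = os.path.join(folder, name)
            dst = src[: -len(EXT)]  # strip the appended extension
            if os.path.exists(dst):
                continue  # do not clobber a file that is already there
            with open(src, "rb") as fh:
                plain = rc4(key, fh.read())
            with open(dst, "wb") as fh:
                fh.write(plain)
            recovered.append(dst)
    return sorted(recovered)
```

Run `recover_tree` on a copy of the affected storage pulled to another machine, and check a recovered file with a known format (a JPEG or PDF header) before trusting the rest.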

Published in Cyber Security @gectcr

Atul Nair
