Popular Hamster Kombat game has become ‘ripe for abuse’ by cybercriminals, researchers warn

Cybercriminals are trying to make a fast buck off the Hamster Kombat game, which has become widely popular among Telegram users in Eastern Europe and elsewhere, according to recent reports.

Cybersecurity researchers have identified several threats targeting Hamster Kombat players, including Android malware distributed through the game’s unofficial Telegram channel, fake app stores that deliver unwanted advertisements and GitHub repositories distributing Lumma Stealer under the guise of offering automation tools for the game.

While the exact number of players targeted by cybercriminals remains unclear, the nature of Hamster Kombat and the promises made by its developers leave the game susceptible to exploitation, the researchers said.

In the game, players repeatedly tap hamsters on their screen to earn fictional currency. However, many users are chasing the opportunity to earn big if Hamster Kombat’s creators unveil a promised cryptocurrency tied to the in-game coins.

In about four months, the game has reportedly attracted 150 million active users, according to its developers, though the figures are difficult to independently verify.

In regions where Telegram is popular — including Russia, Uzbekistan, and Ukraine — interest in Hamster Kombat is particularly strong. Government officials from all three countries are advising users to stay away, while cyber researchers are warning of digital threats.

Android and Windows threats

Researchers at Slovak-based cybersecurity firm ESET said on Tuesday that they uncovered cyber threats related to Hamster Kombat that target both Android and Windows users. This includes fake app stores claiming to offer Hamster Kombat for download, but in reality leads users to unwanted advertisements.

A much larger threat comes from malware disguised as the game and distributed via Telegram. Dubbed Ratel, the malware is capable of stealing notifications, sending SMS messages, making calls and concealing its actions by hiding warnings that might indicate the device is compromised.

The malware can also check the victim’s bank account balance if they’re a customer of Russia’s Sberbank, and Ratel operators use the malware to pay for subscriptions and services with the victim’s funds without their knowledge.

Surprisingly, even though the malicious app misuses the name Hamster Kombat to attract potential victims, it contains none of the game's functionality and even lacks a user interface altogether, researchers said. It likely relies solely on the game’s name and the ubiquity of related Telegram channels.

Even though Hamster Kombat is a mobile game, hackers are also using its name to spread malware on Windows devices. ESET found GitHub repositories offering Hamster Kombat farm bots and autoclickers, promising to automate clicks in the game.

In reality, these repositories conceal code associated with the infamous Lumma Stealer malware. First observed in 2022, this malware is commonly distributed via pirated software and spam and targets cryptocurrency wallets, user credentials, two-factor authentication browser extensions and other sensitive information.

The GitHub repositories ESET discovered either had the malware available directly in the release files or contained links to download it from external file-sharing services.

An in-game screenshot of Hamster Kombat. Image: ESET

Telegram threats

Earlier this month, researchers at Russian cybersecurity firm Kaspersky also revealed that they observed cybercriminals abusing Hamster Kombat to steal Telegram accounts from Russian users.

In this scheme, hackers sent phishing links to fake services supposedly allowing users to withdraw in-game coins and convert them into Russian rubles.

Fake websites require users to log in via Telegram, allowing hackers to steal their credentials and gain access to victims’ accounts. Kaspersky has not specified how many Hamster Kombat players were affected by the scam.

“Hamster Kombat’s popularity makes it ripe for abuse, meaning it is highly likely that the game will attract more malicious actors in the future,” ESET researchers said.