September 25, 2023

A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that install ransomware calling itself CoderWare.

To trick users into installing malware, threat actors commonly distribute it as game installers, cheats, and cracks.

An Android ransomware is masquerading as a mobile version of the Cyberpunk 2077 game. The game was being distributed from a fake website impersonating the legitimate Google Play Store.

This ransomware is the same as one discovered in November that was disguised as a Windows Cyberpunk 2077 installer. Like the Android version, this ransomware calls itself CoderWare but is a variant of the BlackKingdom ransomware.

The Windows variant was a Python-compiled executable that would encrypt a victim’s files and append the .DEMON extension to the encrypted files’ names.

When you attempt to install copyrighted software for free, you face a huge risk of malware infection. This risk is even more significant when you try to install Android apps from third-party app stores.

