Watch Out For Fake Pokemon Go Apps

Watch Out For Fake Pokemon Go Apps
Image Source: PIRO4D/

Hackers have been quick to try and capitalize on the immense popularity of augmented reality smartphone game Pokemon Go.

The first malware linked to Pokemon Go was spotted online earlier this month, but never made it onto the official Google Play store. This limited its threat, but a new group of malicious apps present a greater security risk.

Fake apps hook in Pokemon Go players

The new apps hook users in by promising to provide tips and cheats, among other functions. They contain malicious code that hijack users’ phones to click porn ads, or trick them into buying expensive bogus services.

Why The Term ‘Value Investing’ Is Redundant

Warren BuffettWhat does value investing really mean? Q1 2021 hedge fund letters, conferences and more Some investors might argue value investing means buying stocks trading at a discount to net asset value or book value. This is the sort of value investing Benjamin Graham pioneered in the early 1920s and 1930s. Other investors might argue value Read More

Security researchers at ESET Mobile Security were responsible for discovering the apps. One is a lockscreen app called “Pokémon Go Ultimate,” while others include “Guide & Cheats for Pokémon GO” and “Install Pokémongo.”

When ESET found the apps they were still live on Google Play, but they were later removed by Google.

Dangerous malware promises in-game items

Researchers say that “Pokemon GO Ultimate” looked like the normal game, but would cause the screen to lock after startup. Rebooting would not solve the problem, and users had to pull their battery out or resort to using Android Device Manager.

Watch Out For Fake Pokemon Go Apps

However after reboot the app continued to run in the background and would click on porn advertisements. The only way to uninstall was to use Android Settings to remove the app manually.

Hackers could have put the app to far worse use, for example by adding a ransom message. If they had done so it would have been the first time that lockscreen ransomware had been seen on Google Play.

The other apps did not hijack phones, but encouraged users to subscribe to unnecessary services using “scareware.” They promised to generate up to 999,999 valuable in-game items like Pokécoins, Pokéballs or Lucky Eggs for Pokémon Go if users verified their accounts.

When users provided their details they would be bombarded with pop-ups which told them that their device had a virus and needed to be cleaned. Providing details here would sign them up to SMS subscription services and other expensive functions, depending on where they were based.

More malware likely to appear online

None of the apps lasted long before being removed from Google Play, and didn’t attract many victims as a result. “Pokémon Go Ultimate” reached 500 – 1,000 users, “Guide & Cheats for Pokémon Go” reached 100 – 500, and “Install Pokemongo” attracted 10,000 – 50,000 victims, according to ESET.

While these numbers may be low, it is still worrying that they were able to make it on to Google Play. While Apple keeps strict control of the apps that are included on its App Store, Google has become known for more lax security procedures. However the company did claim last spring that apps were now verified by human agents rather than automated systems.

Google usually reacts quickly when malicious apps are flagged, but has been criticized for allowing adware and scareware to go live. The popularity of Pokemon Go means that there will likely be many more fake apps appearing online, and Google should act to prevent users falling victim to scammers.

As it stands it is best to refrain from installing third-party Pokemon Go apps. While you may want to get out there and catch them all, it makes no sense to do so at the expense of your online security. If you insist on playing, do so on the official app in order to stay safe.

Previous article Airports Still Await Expansion Decision
Next article Pokemon Go Locations Apps Help You Find The Rare Pokemons
While studying economics, Brendan found himself comfortably falling down the rabbit hole of restaurant work, ultimately opening a consulting business and working as a private wine buyer. On a whim, he moved to China, and in his first week following a triumphant pub quiz victory, he found himself bleeding on the floor based on his arrogance. The same man who put him there offered him a job lecturing for the University of Wales in various sister universities throughout the Middle Kingdom. While primarily lecturing in descriptive and comparative statistics, Brendan simultaneously earned an Msc in Banking and International Finance from the University of Wales-Bangor. He's presently doing something he hates, respecting French people. Well, two, his wife and her mother in the lovely town of Antigua, Guatemala. <i>To contact Brendan or give him an exclusive, please contact him at [email protected]</i>

No posts to display