The popular smartphone game Pokemon Go touched massive success and became a global phenomenon soon after its release. However, this has also caught the attention of hackers. The game, which was available only in a few countries initially, provoked many desperate players to download it from third-party sites. This encouraged hackers to inject malware into many of the downloads and take control of victims’ smartphones.
Pokemon Go malware app downloaded half a million times
Now as the game became available in more countries, the malware-infected versions seems to have faded away as most smartphone users now have the genuine game, but security researchers have found a new problem: hacker-designed apps linked to the game, according to Digital Trends.
Cyber-security firm Kaspersky Lab has discovered one malware-infected Android app call Guide for Pokemon Go. According to the security firm, the app has been downloaded more than half a million times. The app is available on the Google Play store in the free app column, and it details newcomers about the augmented reality game and gives tips and tricks to become a skilled trainer. But this fake app contains malware that enables hackers to take control of the phone.
According to Kaspersky Lab, “Analysis reveals that the app contains a malicious piece of code that downloads rooting malware – malware capable of gaining access to the core Android operating system.”
Until now, there had been 6,000 successful infections. The free app infections have hit smartphone users in Indonesia, Russia and India, but the fact that the app is in English suggests other users around the world may also be affected, says Digital Trends.
According to Kaspersky Lab’s Kate Kocheteva, the malware isn’t activated immediately, but it definitely floods the phone with ads, and the worst happens when the malware secretly installs unwanted apps. After the Trojan finds out that a phone is being used, it will wait for a few hours before communicating with its home server and proceed only after it gets the call to action.
“This approach means that the control server can stop the attack from proceeding if it wants to – skipping those users it does not wish to target, or those which it suspects are a sandbox/virtual machine,” says Kaspersky Lab.
Kaspersky Lab cautions users to be aware of the malware and suggests deleting the app and running free scanning software just to confirm if the device has been infected.