Malicious Pokémon GO Apps Appear in Google Play

File under “that didn’t take long”: fake, malicious Pokémon GO apps have appeared in the wild.

First and foremost, ESET discovered a fake lockscreen app on Google Play, named Pokemon GO Ultimate. It deliberately locks the screen right after the app is started, forcing the user to restart the device. After reboot, it runs in the background hidden from the victim, silently clicking on porn ads online.

“Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows,” ESET said in an analysis. “The user needs to restart the device either by pulling out the battery or using Android Device Manager.”

After installation from Google Play, Pokemon Go Ultimate did not appear on the device under its own name; instead, an app named “PI Network” with a different icon was added.

ESET researchers also discovered bogus apps named “Guide & Cheats for Pokemon Go” and “Install Pokemongo” on Google Play. Both apps require the user to “verify his account.” Instead of any serious verification, they attempt to mislead the user into subscribing to expensive bogus services, and display various fraudulent pop-up alerts. One of them claims that the device is infected with many viruses and needs to be cleaned. Of course, the app promises to clean up the device, which could cause the user to unwillingly send a subscription SMS to bogus—yet expensive—services.

It’s undoubtedly a huge internet phenomenon, but for now, Pokémon GO is only officially available in a few countries—US, Australia, New Zealand, Germany and the UK—so the opportunity for criminals to target those in other areas with knock-off apps is immense.

“The bad guys are aware [of Pokemon GO’s popularity] and are trying to exploit the hype by infecting Pokémon-hungry victims with malicious fake apps,” ESET said. “Pokemon GO Ultimate serves as a perfect example.”

Pokemon GO Ultimate is also the first observation of lockscreen functionality being successfully used in a fake app. ESET researchers pointed out that it takes just one small step to add a ransom message and create the first lockscreen ransomware on Google Play.

All three of the malicious apps mentioned were removed from the Google Play store after being reported by ESET. Having been available on Google Play for just a short period of time, they only managed downloads numbering in the thousands. Pokemon Go Ultimate reached 500 – 1,000, Guide & Cheats for Pokemon Go reached 100 – 500 and the most successful of them, Install Pokemongo, attracted 10,000 – 50,000 victims.

This is very likely not the last of the bad apps that we’ll see, of course. And, as Infosecurity previously reported, even the official app carries security risks.

Source: Information Security Magazine