
Pretending to be a Pokemon Go guide, malicious app infects thousands


If you have been downloading Pokemon Go guides in your bid to be the best of them, well, you may unwittingly have invited some serious trouble your way. As per Kaspersky, the guide you downloaded may actually be a malicious app capable of some serious damage.

Pokemon Go is a huge, huge hit. Installed on millions of devices, the game continues to occupy several significant hours of everyone’s life, across the world. Apart from the main application, there are also a large number of side apps, such as guides and walkthroughs, which purportedly make your Pokemon journey that much easier.

However, Kaspersky has recently pinpointed a highly malicious app on the Google Play store that, once downloaded and installed, is capable of seizing root access rights on Android smartphones. It may then install and uninstall apps at will and display unsolicited ads.

Pokemon Go has spawned a huge number of applications from third-party developers. While many of them are benevolent — or at least limited to making a profit through legal means — some of them aren’t. The cybercriminal community first started taking an interest in these apps thanks to the huge interest generated by Pokemon Go.

In the course of various such investigations, Kaspersky Lab chanced upon and then decided to analyze “Guide for Pokémon Go”. There, they discovered malicious code that downloads rooting malware, secures access to the core Android OS and then uses the elevated privileges for application installation and removal as well as for displaying unwanted advertising.

Also, let’s not forget that rooting also voids your warranty. So, your Pokemon Go passion may just force you to say goodbye to any free repairs you may have had coming your way.

The workings of the Trojan are pretty sophisticated and perversely impressive. After installation, it waits for the user to install or uninstall another app. This enables it to ascertain if it is currently running on a real device or on a virtual machine. The Trojan will then connect with its command server and upload details of the infected device, including country, language, device model and OS version.

Once it has been determined that infecting the device makes sense and could serve their purpose, the server gives the Trojan the go-ahead, and it can then proceed with downloading, installing and running additional malware modules, as and when required.

The application has been downloaded over 500,000 times and at least 6,000 successful infections have been reported. Researchers have also managed to track at least nine other applications infected with the same Trojan — all of these applications have been available on Google Play Store at different times since December 2015. In short, we can expect at least a few hundred thousand people to have been affected by this virus since Pokemon Go first kicked off.

Speaking on the topic, Roman Unuchek, Senior Malware Analyst, Kaspersky Lab, said:

In the online world, wherever the consumers go, the cybercriminals will be quick to follow.  Pokémon Go is no exception.  Victims of this Trojan may, at least at first, not even notice the increase in annoying and disruptive advertising, but the long term implications of infection could be far more sinister.  If you’ve been hit, then someone else is inside your phone and has control over the OS and everything you do and store on it.  Even though the app has now been removed from the store, there’s up to half a million people out there vulnerable to infection – and we hope this announcement will alert them to the need to take action.

Meanwhile, if you believe that your device has been infected with the Trojan, we would advise scanning your smartphone with an anti-virus. You can then use malware removal tools or seek some professional help. In the meantime, we would advise you to ensure that any application you are downloading has been developed by a reputable developer and to refrain from installing anything that looks suspicious.

Thanks Kaspersky. Meanwhile, this blatant misuse of something as innocent as Pokemon? I literally lost half my faith in humanity just now.


 
