Researchers have discovered three malicious apps, offered for download on Google Play, that take advantage of Pokémon GO’s immense popularity.
Google has already removed them, but not before thousands of users downloaded them and infected their devices.
Android malware impersonating Pokémon GO
One of the apps, named “Pokemon Go Ultimate,” pretended to be the popular game, but was actually an ad-clicker app.
Once installed, it would show a name (“PI Network”) and an icon that has nothing to do with Pokémon. If curious victims ran it, the app would freeze and lock the screen.
The only way to unfreeze the device is to restart it by removing the device’s battery and inserting it again. Once the device is ready to be used again, the PI Network app and its icon are nowhere to be seen.
Ignoring it after all this is a big mistake, as it still runs in the background, and silently clicks on ads on the victim’s behalf.
The app was downloaded by at least 500 users, and likely more. It can be removed by going to Settings -> Application manager, choosing “PI Network” and manually uninstalling it.
The other two apps – “Guide & Cheats for Pokemon Go” and “Install Pokemongo” – promise free game resources (Pokeballs, Pokecoins, etc.), but require users to “verify” their accounts.
The apps are not after the users’ Pokémon GO credentials. Instead, the request is aimed at tricking users into subscribing to expensive bogus services.
After that, the apps start popping up alerts claiming that the device is infected with malware and that the problem can be solved if the user sends an SMS to subscribe to yet another pricey service.
Alternatively, the user is bombarded with scammy ads, surveys and notifications saying he or she has won prizes (new iPhone, money). The apps are able to detect the IP address of the device, and show these fake notices in a language that the user will understand (English, German, Spanish, etc.).
The most popular of these fake apps – “Install Pokemongo” – was downloaded by 10,000 to 50,000 victims.
How to avoid these types of apps in the future
ESET researchers are sure that other Pokémon GO-themed malicious apps will again manage to find their way onto Google Play and third-party app marketplaces.
In order to avoid becoming a victim, they advise users to be extra careful when reviewing apps before installing them.
“Check user reviews and focus on negative comments (keep in mind that positive ones may be fabricated). Read the app’s terms and conditions, focus on permissions,” they counsel.