Pokemon Go Imposters Continue to Threaten Android Devices
The release of the Pokemon Go augmented-reality app turned the Pokemon franchise into a global phenomenon. The massive hype, however, gives the developers of malicious apps the perfect opportunity to trick unsuspecting users into installing malware onto their phones. One of these fake and malicious Pokemon apps was able to enter the official Google Play Store briefly wreaking havoc among Android device users.
Table of Contents
The First Fake Pokemon App To Lock Your Screen
Although Niantic, Inc., the developers of the Pokemon Go app, has steadily expanded the list of countries where users can officially play the game, there are still quite a few places around the globe where the app is unavailable. This leaves quite a lot of people with no other choice but to turn to third-party app stores where they risks of getting infected with malware are far greater. The malicious app called Pokemon GO Ultimate, however, managed to find its way to the Google Play Store. Following a report by the IT security company ESET, Google swiftly removed the app.
During the time Pokemon Go Ultimate was available on the Google Play Store between 500 and 1,000 users had downloaded and installed the app, according to ESET's estimates. After getting permission to enter your phone, the Pokemon GO Ultimate app quickly drops the pretenses and instead of giving you access to the official game. Essentially, it installs another program – the PI Network application, and adds an icon for it on the user's phone. When the victim decides to start the PI Network app, an image that locks their screen will be displayed. The only way to get rid of it is to reboot the infected phone, but doing so may not be that easy because the malicious app's image overlays all other apps and system windows. Users may be forced to restart their device by either pulling out the battery or by using the Android Device Manager.
Rebooting the Infected Device Creates More Problems
Once the infected phone has been restarted, the Pokemon GO Ultimate app will delete its icon and move all of its operations into the background. Without the victim realizing it, the malicious app will start opening adult-themed websites and clicking on various ads, generating revenue for its developers in the process. To delete the app completely, the infected users must navigate to Settings -> Application manager -> PI Network and click on the Uninstall button.
Fake Pokemon Apps Deliver Scareware and Adware
The researchers from ESET discovered two other malicious apps that exploit the hype around Pokemon Go, called "Guide & Cheats for Pokemon Go" and "Install Pokemongo." Instead of delivering on their promises, these apps use scareware tactics to trick the users into paying for expensive and quite often fake services. For example, one of the pop-up alerts generated by the malicious apps may claim that the user's device is infected with numerous viruses that must be removed. The apps will offer to clean the phone but only after the user has sent an expensive SMS message as a subscription for the bogus service. Whenever the "Back" button is pressed, new scareware ads will be generated. The only way to remove them is by double-clicking the "Back" button.
Although these two apps were available on the Google Play Store for only a brief time before Google intervened, they still managed to trick thousands of users. Guides & Cheats for Pokemon Go, another malicious app, was installed between 100 and 500 times, while Install Pokemongo reached between 10,000 and 50,000 downloads.