Pokemon GO is the latest craze in gaming. It is a location-based augmented reality mobile game published by The Pokémon Company and developed by Niantic, and it runs on iOS and Android devices. Nearly everybody who is into gaming is crazy about Pokemon GO. Taking advantage of Pokemon GO’s huge popularity, cyber criminals have released malicious versions of the app, leading to downloads and infections so widespread that they could exceed the downloads of the genuine app itself.
The free-to-play game is so famous that hackers have launched a DDoS attack to crash the Pokemon GO servers. The gaming servers had crashed earlier, but that was due to the huge unexpected demand for the game. Apart from the malicious app doing the rounds, there have been reports of players becoming so engrossed in the game that some have fallen off cliffs, some have crashed vehicles, and some are walking around crazily.
The Reason Behind the Malicious App
Pokemon GO has been released area by area: on July 4 it was launched in Australia and New Zealand, and on July 6 it was released in the USA. The game has become very popular, with ardent gamers clamoring for it in their own geographical regions. The genuine version of Pokemon GO is available on Google Play Store and the App Store, but only for the respective regions.
Searches on the internet listed suggestions to sideload the gaming app from outside the reputed app stores. Sideloading means disabling the built-in security feature that blocks apps from unknown, third-party sources. But eagerness and curiosity led many users to download it anyway, and they got more than they wished for: bonus malware.
Within 72 hours of the game’s release in Australia, cyber criminals had released a malicious Android version on third-party download sites. This Pokemon GO version contained the gaming apk along with a malicious remote access tool (RAT). A RAT can give the cyber criminal complete control over the phone. This is backdoor malware.
A comparison of the permissions requested by the two apks revealed that the malicious apk asked for permission to make calls and send messages that cost money, along with other sensitive permissions. The cybercriminals have cleverly designed a start screen that looks identical to that of the genuine app. The RAT is DroidJack, which is programmed to communicate with a command and control (C&C) server.
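The permission comparison described above can be reproduced before installing a sideloaded apk. The following is an added example, not code from the original article: it diffs two permission dumps in the text format printed by the Android SDK's `aapt dump permissions <apk>`. The sample dumps, the package name `com.example.game` and the contents of the `SENSITIVE` list are constructed assumptions, not values taken from the real apps.

```python
import re

# Assumption: an illustrative subset of Android permissions that can cost money
# or expose private data; extend it to match your own policy.
SENSITIVE = {
    "android.permission.CALL_PHONE": "can place calls that cost money",
    "android.permission.SEND_SMS": "can send messages that cost money",
    "android.permission.READ_SMS": "can read text messages",
    "android.permission.READ_CONTACTS": "can read the contact list",
    "android.permission.RECORD_AUDIO": "can record from the microphone",
}

# Matches both `uses-permission: name='X'` and the older `uses-permission: X`.
PERM_LINE = re.compile(r"^uses-permission:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump: str) -> set:
    """Extract requested permission names from `aapt dump permissions` text."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_LINE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def extra_permissions(genuine_dump: str, candidate_dump: str) -> dict:
    """Permissions the candidate requests that the genuine build does not."""
    added = parse_permissions(candidate_dump) - parse_permissions(genuine_dump)
    return {p: SENSITIVE.get(p, "not in the sensitive list; review manually")
            for p in sorted(added)}

# Constructed sample dumps (not taken from any real APK).
GENUINE = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
"""
SIDELOADED = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.READ_CONTACTS
"""

if __name__ == "__main__":
    for perm, why in extra_permissions(GENUINE, SIDELOADED).items():
        print(f"{perm}: {why}")
```

Any permission reported here is one the sideloaded copy requests beyond the store build, which is a reason not to install it until the difference is explained.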
Fake Lockscreen App
Cyber criminals have released apks with names and features close to the Pokemon app, and some of these have also been released on Google Play Store. Pokemon GO Ultimate is a fake lockscreen app that locks the screen soon after the app is started. This forces the user to restart the device, but a normal reboot is not possible because the system settings screen is not accessible. Hence, rebooting has to be done through Android Device Manager or by pulling the battery.
After re-installation, the Pokemon GO Ultimate apk runs under the name “PI Network”. This malicious apk runs in the background and quietly keeps clicking on online porn ads, which would run up a huge bill for the user without the user being aware of it.
Precautions
- Be patient till the genuine version of the game is available for your country.
- Download apps only from reputable app stores such as Google Play Store and the Apple App Store.
- Be aware and be careful of the permissions granted to apks and allow only what is necessary and what you are comfortable with.
- Know about the publishers of the apks. Try to download apks only from reputed publishers.
- Be aware of the data that will be collected related to the usage.
- Keep your operating system updated with the latest patches.
- Get an effective antivirus solution and keep it updated with the latest definitions. The security solution must have effective auto-sandboxing that does not allow execution of any unknown, malicious files.
- Run regular scans.