Fake Pokemon Go Apps Planted in Google Play

Cyber criminals have attempted to cash in on the overwhelming success of the Pokemon Go app by using it as cover for malware discovered in the Google Play store. In one instance, an app titled Pokemon Go Ultimate in the official storefront installs as PI Network on the Android device of the user.

Once installed and launched, the app locks the user’s screen, necessitating a forced restart. In some instances, this requires removing the battery or using the device manager. Once the device reboots, a version of the malicious app runs in the background and invisibly clicks on ads in order to generate fraudulent revenue streams. The listing for PI Network disappears from the list of apps.

Other malicious apps titled Guide & Cheats for Pokemon Go and Install PokemonGo were also discovered in Google Play. These apps deliver forms of scareware – essentially fake warnings that trick users into paying for unnecessary security services. In order to attract users, these apps initially promise to generate huge numbers of Pokecoins, Pokeballs and other forms of in-game currency for the user.

Before offering anything of value, however, these apps ask users to “verify their account” and then surreptitiously sign the user up for expensive and unwanted services. In other instances, they display fake pop-up ads encouraging users to subscribe to these services on their own.

Analysis has shown these apps are capable of deploying a variety of tactics, including automatically downloading other apps, generating fake surveys, and claiming fake contest winnings. The attacks vary depending on where the user's IP address is located.

Google was quick to respond and has removed these apps. Before the company’s response, however, the apps were downloaded thousands of times. Install PokemonGo is estimated to have been installed between 10,000 and 50,000 times.

Pokemon Go was first released on July 6th and has been downloaded more than 10 million times from the Google Play store. It has already been a target of cyber criminals. A group calling itself PoodleCorp has claimed it was responsible for a server outage that disabled the app over the weekend. The group has threatened a much larger distributed denial of service attack on August 1st. Experts question whether these threats are real or simply publicity stunts.

Considering the runaway popularity of Pokemon Go and its enduring appeal for users thus far, it’s expected to be an ongoing target for cyber criminals.