In the latest attempt to take advantage of countries where Pokémon Go is not available, an APK claiming to be the in-demand game secretly targets your phone with porn ads.
If you haven’t already enabled the new Chrome browser app that blocks all references to Pokémon Go, then you’re probably quite familiar with the game that is now one of the most downloaded apps ever, and has a higher average daily use than Facebook and WhatsApp.
However, only a limited number of countries actually have access to the game, and more and more people across the world have decided they can’t wait any longer.
Not just APKs anymore
Pokémon Go APKs – which give you access to a mirrored copy of the game – can be downloaded from multiple online sources, but already a number of security issues have arisen from this practice.
Just the other day, the security firm Proofpoint highlighted one APK found online that, when downloaded on to a person’s phone, would give a hacker a back door into the device and free rein to do what they want with your information.
Now, ESET has revealed an even more worrying fake that isn’t an APK, but an app found on the official Google Play Store called ‘Pokemon Go Ultimate’. (Note the absence of the accented E – a giveaway for fakes.)
Once downloaded, the app deliberately locks the person’s screen immediately after it’s booted up, forcing the user to restart the device.
This is difficult, however, given that it’s designed to make this impossible without taking out the phone’s battery or accessing the (usually hidden) Android Device Manager menu.
Two of the fake apps now removed from the Google Play Store. Image via ESET
No easy fix
Even after this, the problems don’t stop. While your phone appears like it’s back to normal, malware continues to run in the background, clicking on porn ads.
During testing, ESET found that once this fake Pokemon Go Ultimate app has been installed, its name doesn’t appear anywhere on the phone. Rather, it shows up as an app called ‘PI Network’, with an entirely different icon.
The discovery of this app on the Google Play Store has further ramifications for Android users, let alone Pokémon Go players, as ESET said this app is the first observation of lockscreen functionality that’s successfully landed on Google Play.
“It is important to note that from there it just takes one small step to add a ransom message and create the first lockscreen ransomware on Google Play,” ESET said.
The scareware found after installation of the fake apps. Image via ESET
Over 50,000 duped
Other fake apps discovered on Google Play called ‘Guide & Cheats for Pokemon Go’ and ‘Install Pokemongo’ that contain ‘scareware’ ads, built to scare users into downloading unnecessary services or fake in-app purchases.
All three apps have now been removed from Google Play but, in the short amount of time they were online, up to 50,000 Android users were duped into downloading Install Pokemongo alone.
Security firms continue to advise people in countries where the game is not available to download to simply be patient and avoid clearly counterfeit copies.
Pokémon zombies image via Canadapanda/Shutterstock
