Sunday, 17 July 2016

Fake Pokémon GO app on Google Play infects phones with malware


In the wake of the Pokémon GO craze, malicious fake versions of Pokémon GO and other related apps have appeared on the Google Play store.

Malicious apps documented to date:

● Pokémon GO Ultimate

● Guide & Cheats for Pokémon GO

● Install Pokémongo


Although they were promptly removed from the Google Play store, they may still appear on third-party app stores.

Impacts of the malware in question include:

● locking the device screen

● renaming itself to evade countermeasures

● removing itself from the device app menu to evade countermeasures

● running in the background and clicking on ads to generate income for its creator

● displaying messages claiming that the device is infected with malware (actually true), which advise the user to buy further apps and services to remove the malware

● installing a backdoor app called DroidJack (aka SandroRAT), which grants an attacker full access to the device


What you can do to protect yourself:

● keep all software up to date, including Android itself, by installing updates as they become available for your device

● avoid using third-party app stores – apart from Amazon

● avoid apps from unknown developers


Ars Technica
https://arstechnica.com/security/2016/07/fake-pokemon-go-app-on-google-play-infects-phones-with-screenlocker/

Gizmodo
https://gizmodo.com/more-fake-pokemon-go-were-released-to-ruin-your-phone-1783761949

Naked Security
https://nakedsecurity.sophos.com/2016/07/12/fake-pokemon-go-app-watches-you-tracks-you-listens-to-your-calls/