Malicious Pokémon Go App Targeting Android Discovered

Researchers have discovered a rogue Pokémon Go app on the Google Play Store that has been downloaded over 500,000 times, and infected over 6,000 Android smartphones.

The app, called Guide for Pokémon Go, can seize root access rights on Android devices and use that power to install and uninstall apps and display unwanted adverts. It was first discovered by researchers at Kaspersky Lab, who notified Google. The app has now been removed from the Play Store.

Before it was taken down, however, researchers say it was available throughout July 2016. They also found nine other apps containing the same Trojan, available at various times dating back to December 2015.

Kaspersky’s researchers said the app contains some “interesting features” that enable it to bypass detection once on a device. Instead of running as soon as it’s downloaded, the app waits for the user to install or uninstall another application and then runs checks to see if it’s on a real device or a virtual machine.

“If it’s dealing with a device, the Trojan will then wait another two hours before starting its malicious activity. Even then, infection is not guaranteed,” Kaspersky said in a blog. “After connecting with its command server and uploading details of the infected device, including country, language, device model and OS version, the Trojan will wait for a response. Only if it hears back will it proceed with further requests and the downloading, installation and implementation of additional malware modules.”

This means that not all users who download the app will subsequently become infected, Kaspersky said. The staged activation also gives the malicious app an additional layer of protection against detection.

Those users who are infected will see other applications installed and uninstalled, and unsolicited adverts displayed on their screen.

“In the online world, wherever the consumers go, the cyber-criminals will be quick to follow,” said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab. “Pokémon Go is no exception. Victims of this Trojan may, at least at first, not even notice the increase in annoying and disruptive advertising, but the long term implications of infection could be far more sinister. If you’ve been hit, then someone else is inside your phone and has control over the OS and everything you do and store on it.”

Given the popularity of Pokémon Go, it’s no surprise to see cyber-criminals attempting to lure victims through malicious apps. Researchers recently discovered ransomware masquerading as a Pokémon Go app, while a malicious version of the wildly popular mobile game was released just a few hours after the game came out. The official version, meanwhile, has been criticised for the excessive permissions it requires when being installed.
