ESET Discovers Fake Apps on Google Play Targeting Pokémon GO Users

SAN DIEGO, July 15, 2016 /PRNewswire/ -- ESET®, a global pioneer in proactive protection for more than two decades, today announced the discovery of fake apps on Google Play targeting Pokémon GO users. All fake apps were detected by ESET Mobile Security® – lockscreen app named "Pokémon GO Ultimate" and scareware apps "Guide & Cheats for Pokémon GO" and "Install Pokémongo" – are no longer available on Google Play. They have already been removed from the store at ESET's recommendation.

Having been available on Google Play for only a short time, the apps only managed downloads numbering in the thousands. "Install Pokémongo" attracted 10,000 – 50,000 victims, the "Guide & Cheats for Pokémon GO" reached between 100 – 500, and the most dangerous of them, "Pokémon GO Ultimate" reached 500 – 1,000 downloads.

"Pokémon GO Ultimate" resembles a version of the much hyped game but its true functionality is malicious: it deliberately locks the screen immediately after startup. In many cases, reboot – the intuitive solution for a frozen screen – is not available because the app overlays all the other apps as well as the system windows. Users must resort to restarting their device either by pulling out the battery or using Android Device Manager. After reboot, it runs in the background, invisible to the victim, silently clicking on porn advertisements. To get rid of it, the user needs to go to Settings -> Application manager -> PI Network and then uninstall it manually.

"'Pokémon GO Ultimate' is the first observation on Google Play of lockscreen functionality being successfully used in a fake app," explains Lukáš Štefanko, ESET Malware Researcher.  "As its ultimate functionality is clicking on porn ads, it's not truly damaging. But as for its lockscreen functionality, it'd only take adding a ransom message to create the first lockscreen ransomware on Google Play."

Along with "Pokémon GO Ultimate" which bears signs of both Screen Locker and Porn Clicker, ESET researchers also found other Pokémon GO-related malware on Google Play. Bogus apps named "Guide & Cheats for Pokémon GO" and "Install Pokémongo" on Google Play, belong to the Scareware family. They trick their victims into paying for unnecessary services. Promising to generate Pokécoins, Pokéballs or Lucky Eggs – up to 999,999 each day – they lure victims into subscribing to expensive bogus services. (Such functionality has recently been described in an article published on ESET's blog, WeLiveSecurity.com.)

"Pokémon GO is such an appealing game that despite of all the warnings by security experts, users tend to accept the risks and download anything to catch all the Pokémon," notes Lukáš Štefanko.  "Those who really can't resist the temptation should at least follow the most basic security rules."

ESET experts remind users to only download apps from reputable sources, and use a mobile security solution, like ESET Mobile Security, that can scan and identify malicious apps, as well as check permissions to ensure apps are not accessing unnecessary information.

The full article on this discovery can be found here: http://www.welivesecurity.com/2016/07/15/pokemon-go-hype-first-lockscreen-tries-catch-trend/

About ESET:
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.

Logo - http://photos.prnewswire.com/prnh/20121109/SF09648LOGO

SOURCE ESET