Malware In Play Store Disguises itself as Pokemon GO

Pokemon GO’s immense launch has caused more than its fair share of problems, even beyond the people getting robbed or driving into trees that you may have heard about. While Nintendo grapples with fans who have sideloaded Pokemon GO and shouldn’t have it yet, a much more pressing storm is brewing in the Play Store. Security research firm ESET found something troubling: a number of apps purporting some relation to Pokemon GO have popped up, bearing malware. One of them even goes as far as circumventing a user’s lock screen security. They have since all been removed, but this is not the first time, of course, that malware creators have cashed in on major apps and gotten their creations into the Play Store, and it certainly won’t be the last.

The app featuring the fake lock screen is called Pokemon GO Ultimate, and only managed to garner between 500 and 1,000 downloads before Google swept in and put the kibosh on it. For the users unlucky enough to actually download it, a Pokemon GO-themed lock screen replaced their normal one immediately upon app launch, and overlaid all system windows, keeping users from shutting down. A battery pull or long-press of the power button, or rebooting via Android Device Manager, was the only escape. After rebooting, the phone ran the app, now disguised as PI Network and hidden from the app drawer, in the background, where it clicked ads infinitely to make money. Luckily, users could uninstall it manually through their settings menu, just like any other app.

The other two apps that were found were Guide & Cheats for Pokemon GO and Install Pokemongo, both of which promised users the moon, only to deliver nothing but attempts to scam users into subscriptions, mainly via scareware. Users are bombarded with scary messages that suggest that their device is in need of a cleaning, and they have the option to pay for a service that will do it for them. If they try to press the back button and exit, a new message pops up. Double-pressing the back button was the only exit for users infected with these two apps, which could also be removed through the Settings menu.