Security Researchers Find 215 Fake Pokemon Go Apps And Issue Android Ransomware Warning

More than 200 mobile apps claiming to be genuine versions of Pokemon Go have been found lurking on mobile app stores, including the first ever fake lockscreen application for Android.

RisKIQ says 215 unofficial apps were spotted on more than 21 mobile app stores, growing at a rate of eight per hour over a 23 hour period, as scammers seek to capitalise on the popularity of the game, which is only available in a number of countries at present.

All these apps do is steal data by requesting permissions, subscribe users into paying for premium rate SMS services or attempt to click on advertising while running in the background.

Read More: What does Pokemon Go mean for IT departments?

Lockscreen

‘Pokemon Go Ultimate’ is the aforementioned lock screen app. If downloaded from Google Play, users will find no evidence of the app after installation and will instead see something called ‘PI Network’. If this is opened, the screen is locked deliberarely, forcing users to reboot.

“Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows,” said ESET. “The user needs to restart the device either by pulling out the battery or using Android Device Manager. After reboot, it runs in the background hidden from the victim, silently clicking on porn ads online.”

The only way to remove the application is to go the Application Manager and uninstall it manually. However researchers are concerned that the methods used mean Android ransomware isn’t that far away.

“This is the first observation of lockscreen functionality being successfully used in a fake app that landed on Google Play,” said ESET. “It is important to note that from there it just takes one small step to add a ransom message and create the first lockscreen ransomware on Google Play.”

Pokemon Go fake apps

Other apps spotted include ‘Guide & Cheats for Pokemon Go’ and “Install Pokemongo’, both of which deliver ‘scareware’ adverts encouraging users to pay for expensive unnecessary services by claiming their phone is riddled with malware.

“The virus removal masquerade is only one example of the apps’ scareware techniques,” said ESET. “They can also download other applications, create surveys and display scam ads where the user has allegedly won prizes such as the new iPhone, Galaxy S7 Edge or even large amounts of money. The techniques deployed depend on the country where the user’s IP is being localized.”

ESET reported all three to Google which removed them from its marketplace. However it is thought Pokemongo could have been downloaded as many as 500,000 times before it was deleted.

Pokemon Go developer Niantic Labs has staggered the worldwide launch of the game so its servers can cope with demand. This has caused some to look for less than official ways to get their hands on the app – exposing themselves and companies to security risks.

EE said it had 350,000 Pokemon Go players on its network even before the app was released officially in the UK. That figure has now risen to 850,000, 24 hours after the launch.

Quiz: What do you know about video game technology?