Wednesday, 20 July 2016

Warning - Fake Lockscreen Pokemon Go Ultimate on Google Play

ESET has discovered the first ever fake lockscreen app on Google Play, named Pokemon GO Ultimate.

As its characteristics suggest, it deliberately locks the screen right after the app is started, forcing the user to restart the device. Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows. The user needs to restart the device either by pulling out the battery or using Android Device Manager. After reboot, it runs in the background hidden from the victim, silently clicking on porn ads online.

With Pokémon GO arguably the biggest buzz the internet has seen lately, users are keen to get their hands on the app. However, as it is currently only officially available in a a few countries – US, Australia, New Zealand, Germany and the UK – this comes with risks.

The bad guys are aware of this and are trying to exploit the hype by infecting Pokémon-hungry victims with malicious fake apps. Pokemon GO Ultimate serves as a perfect example, promising the victim to play the original title, but instead delivering only malicious activity.

This is the first observation of lockscreen functionality being successfully used in a fake app that landed on Google Play. It is important to note that from there it just takes one small step to add a ransom message and create the first lockscreen ransomware on Google Play.

All three of the malicious apps mentioned were removed from the Google Play store after being reported by ESET. Having been available on Google Play for just a short period of time, they only managed downloads numbering in the hundreds. Pokemon Go Ultimate reached 500 – 1,000, Guide & Cheats for Pokemon Go reached 100 – 500 and the most successful of them, Install Pokemongo, attracted 10,000 – 50,000 victims.

Security experts at ESET have warned about fake versions of the Pokémon GO game’s APK and about malicious apps masquerading as Pokémon Go tutorials or cheats. Pokémon Go is so appealing that despite all of these warnings users tend to accept the risks and download everything that might help them “catch ‘em all”.

For those who really can’t resist the temptation of chasing Pokémon all around and live outside of the approved countries, ESET experts have the following advice:
Download from reputable sources only
Check user reviews and focus on negative comments (keep in mind that positive ones may be fabricated)
Read the app’s terms and conditions, focus on permissions
Use a quality mobile security solution