Researchers from many security companies have found numerous Pokémon Go applications to have a malicious backdoor, malware, adware, and many other programs that are sending messages to their contacts and the user links, infecting devices. Pokémon Promo was one of those websites, and resembled the authentic Pokémon Go websites – offering rewards for providing an additional ten or more users in a spamming technique – however, this website has now been taken down.
Adaptive Mobile, a security company based in Dublin, Ireland, stated that it has also discovered another scam. This scam offers players more than ten thousand Poke Coins once they had collected a hundred points. According to the company’s Chief Intelligence Officer, once a hundred points were made, a message would appear containing a shortened URL that led to spamming websites, some of which were related to Pokémon Go, while others weren’t.
The company discovered another bogus Pokémon Go website (Pokémon dot Vif PPoints dot xxxx) that was being advertised on many social media websites, and was offering users Poke Coins if they recommend the website to other users. Also, another website, known as Pokémon Generator, offered users Poke Coins directly to their accounts if they entered their Google account details, the same ones that they were using on the Pokémon Go application.
Many of these malicious applications are still out there, waiting for users who are willing to take the risk. These applications will continue to emerge unless Niantic offers a worldwide release, or if the hype of Pokémon Go dies away.
According to Cathal McDaid, an intelligence and security expert at Adaptive Mobile, any messages that are offering Poke Coins – or even mentioning the Pokémon Go application – the URL’s in those messages can lead the user to a malicious website(s) containing malware, viruses, adware or ransomware.
Which reminds me of another case, where a ransomware was coded into a Pokémon Go application available for download on the Internet. The ransomware, called Hidden Tear, was a strain from the ransomware family that shared some traits of Locky. It used AES encryption to lock down files by adding the extension (.locked). Not only did it encrypt the files, but it also installed a backdoor to your machine, creating a network sharing system on your PC.
According to a security researcher at the Bleeping Computer, the ransomware is targeting ethnic groups of Arabic nationality. Once it infects the target machine, it changes the screensaver – showing Pikachu with additional text written in Arabic saying ‘veryimportant.txt’, and that file is saved on the users desktop.
Jawed Malik, a security expert at Alien Vault, states that profiling a racial group using popular applications – and this time being Pokémon Go – for spreading the ransomware or the virus, is not something new.
The Pokémon Go application has been downloaded more than a hundred million times since its launch, and the numbers are increasing day by day.
The Other Way Around
For now, all we can say is that you don’t download it from unofficial sources. If you want to play it, get a VPN for your phone, force stop Google Play, clear the data and clear the cache. Once that is done, fire up the VPN, set the location to any place in the United States and start up your Google Play. From there, enter the information and search Pokémon Go to enjoy the official release.
Source: Bleeping Computers, Adaptive Mobile Blog
You want to support Anonymous Independent & Investigative News? Please, follow us on Twitter: Follow @AnonymousNewsHQ
This article (Malicious Game Infects Millions of Users) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.