
Beware: Malicious Pokemon App Hijacking and Rooting Android Devices

Posted: September 15, 2016

At any given time there is a hot item that captivates millions around the world. Today, one of those "in" things happens to be the Pokemon GO app, which has taken the smartphone and mobile device world by storm in recent months. Unfortunately, hackers have leveraged the fame of Pokemon GO to disguise malicious apps as Pokemon-related ones, with the sole aim of hijacking and rooting Android devices.

Countless users are intrigued by the new Pokemon GO game and may be on the hunt for companion apps, such as one masquerading as a guide for Pokemon GO that is in fact malicious and known to root and hijack Android devices. The app, named Guide for Pokemon GO, made its way onto the Google Play Store and was downloaded and installed by over 500,000 users. Of those users, about 6,000 have had their Android smartphones rooted and placed under the malware author's control.

Kaspersky recently analyzed telemetry data from its security products and confirmed that about 6,000 users had their devices compromised by the malicious Guide for Pokemon GO app. In July of this year, another malicious version of the same app was uploaded to the Google Play Store, but it was removed after the app was found to have a Trojan packed inside. Now the app has returned as a different variant bearing the "Guide for Pokemon Go" name.

The apparent scheme for the malicious Android app is to leverage the popularity of Pokemon GO. The cybercrooks behind the malicious apps are adept in their ability to ride the popularity wave of whatever app is reaching the most users at the time.

The Trojan horse hidden deep inside the rogue Pokemon app is devious in its actions, which include connecting to a command and control (C&C) server to await new commands to carry out on an infected Android device. When the Trojan takes action, usually about two hours after infecting the device, the server sends it a JSON file containing several links; the Trojan follows those links and downloads several files onto the infected device. From there, the files launch several exploits that root the device and give the attacker system-level access. With such access, attackers can conduct malicious activities through the device and gather personal user data.
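The staged behaviour described above (a C&C contact that returns JSON, followed shortly by several file downloads) is something a defender can look for in device or proxy logs. The following is an added example written for this article, not code from the article or from Kaspersky; the log format, package names and hostnames are constructed placeholders, not indicators from the reported app.

```python
"""
Added example: detection logic for the "JSON command, then several payload
downloads" pattern, run over a constructed proxy log. Nothing here is an
indicator from the article; hosts and package names are placeholders.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log (not real data): timestamp|package|host|path|content-type
SAMPLE_LOG = """\
2016-09-15T10:00:05|com.example.guideapp|cdn.example.net|/ads.js|application/javascript
2016-09-15T12:01:10|com.example.guideapp|c2.example.invalid|/cmd|application/json
2016-09-15T12:01:40|com.example.guideapp|files.example.invalid|/a.bin|application/octet-stream
2016-09-15T12:02:15|com.example.guideapp|files.example.invalid|/b.so|application/octet-stream
2016-09-15T12:02:50|com.example.guideapp|files.example.invalid|/c.apk|application/vnd.android.package-archive
2016-09-15T12:05:00|com.example.weather|api.example.org|/forecast|application/json
2016-09-15T12:05:02|com.example.weather|api.example.org|/icons.png|image/png
"""

# Content types that indicate a downloaded binary rather than ordinary app data.
BINARY_TYPES = {
    "application/octet-stream",
    "application/vnd.android.package-archive",
    "application/x-elf",
}


def parse_log(text):
    """Parse the pipe-separated log into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pkg, host, path, ctype = line.split("|", 4)
        records.append({"ts": datetime.fromisoformat(ts), "pkg": pkg,
                        "host": host, "path": path, "ctype": ctype})
    return records


def find_staged_downloads(records, window=timedelta(minutes=10), min_payloads=2):
    """Return {package: [payload urls]} for every package that received a JSON
    response and then pulled at least `min_payloads` binaries within `window`.
    An ordinary app that fetches JSON and then images is not flagged."""
    by_pkg = defaultdict(list)
    for r in records:
        by_pkg[r["pkg"]].append(r)
    hits = {}
    for pkg, recs in by_pkg.items():
        recs.sort(key=lambda r: r["ts"])
        for i, r in enumerate(recs):
            if r["ctype"] != "application/json":
                continue
            payloads = [f"{x['host']}{x['path']}" for x in recs[i + 1:]
                        if x["ctype"] in BINARY_TYPES and x["ts"] - r["ts"] <= window]
            if len(payloads) >= min_payloads:
                hits[pkg] = payloads
                break
    return hits


def extract_links(json_text):
    """Collect every http(s) URL string from a captured JSON command response,
    regardless of key names, so the links can be blocked or searched in logs."""
    found = []

    def walk(node):
        if isinstance(node, dict):
            for v in node.values():
                walk(v)
        elif isinstance(node, list):
            for v in node:
                walk(v)
        elif isinstance(node, str) and node.startswith(("http://", "https://")):
            found.append(node)

    walk(json.loads(json_text))
    return found


# Constructed command response shaped like the JSON-with-links stage (hypothetical keys).
SAMPLE_COMMAND = ('{"wait": 7200, "tasks": ['
                  '{"url": "http://files.example.invalid/a.bin"}, '
                  '{"url": "http://files.example.invalid/b.so"}]}')

if __name__ == "__main__":
    print(find_staged_downloads(parse_log(SAMPLE_LOG)))
    print(extract_links(SAMPLE_COMMAND))
```

The window and payload threshold are tunable: the article's two-hour delay between install and C&C contact means the JSON fetch itself may look innocuous, so the rule keys on what follows it rather than on the delay. Any links pulled out of a captured command response can be fed back as blocklist entries or searched across other devices' logs.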

Google has been inclined to remove apps that are found to be malicious. However, such removals come too late to prevent thousands of Android users from having their devices infected. While the malicious Pokemon app has been withdrawn from the Google Play Store, the half-million users who downloaded it but have not yet had their devices rooted still face grave danger once the app is launched.

In the past, we have warned users to stay away from third-party Android app sources on the Internet. Unfortunately, Android device users continue to face the threat of malicious apps even when downloading them from the Google Play Store. Hopefully, Google will keep monitoring apps and remove them quickly enough to prevent further devices from being infected.
