Cyber-Criminals surfing on the Pokemon Go Hype

Gauthier Befahy
Gauthier has been active in the IT field for over 10 years. Currently working for Scademy Ltd, He oversees global Sales and Marketing.

Pokemon GO is without doubt one of the biggest (if not the biggest) buzz the Internet has seen in the last years. Rolled over around the world, millions of users are now running around, phone in their hands, trying to catch Pokemons. This is all fun and games, but also a great opportunity for bad guys to affect millions of devices around the world.

ESET has discovered a lock-screen app, names Pokemon Go Ultimate. This app locks the screen right after the app is launched, forcing the user to reboot the device. However, the reboot function is unfortunately unavailable in most cases since the malicious app overlays all the other apps as well as system apps. The reboot can only be done via the Android Device Manager or by pulling out the Battery. So much for catching Pokemons… uh?

The Pokemon Go Ultimate app actually installs a PI Network app/icon, which once ran will freeze the screen and force the user to do a manual reset.  After rebooting the device, the app will stay hidden, but will still be running in the background and, by example, clicking on banners so as to generate revenues for its owners.

More importantly, this is step one of possibly upgrading this lock-screen malware to a ransomware! Users have to stay careful, and only use trusted apps!

But that’s not all!

Other malicious apps were also unfortunately discovered by ESET such as “Guide & Cheats for Pokemon Go” and “Install Pokemongo”. Those apps promises the users with PokeCoins, Pokeballs and any other sort of things… When what they really do is install malwares or scarewares onto your device, trying to lure the user into subscribing to numerous expensive bogus services.




Gotta Catch ’em All…. But please Beware of them all!

After ESET reported those Malicious Apps, they were immediately taken away from the Google Play Store. However, there will be others. It is important to still pay attention and to not download and is tall those malicious apps.
Those three apps could reach 500-1.000 users; 100-500 users and 10.000-50.000 users!

If you simply cannot resist to go out there and catch some Pokemons, we recommend to follow those guidelines before installing any apps :

  1. Only install from reputable sources
  2. Read reviews, filter out the positive ones to only read the negative ones.
  3. Pay attention to Ts&Cs, and apps permissions
  4. Have a mobile security solution!