Pokémon GO has been out for a little over a week, and it's not just Pokémon fans that have been getting in on the craze: regular smartphone users and business owners have been joining the action as well.

Unfortunately, Niantic Labs and the Pokémon Company's runaway hit has also attracted the attention of malware purveyors who have tried to exploit the game's success in order to make some easy cash, and in doing so, have reached an unprecedented milestone: managing to sneak their fake wares into the official Google Play marketplace.

According to researchers from antivirus provider Eset, at least three fake Pokémon GO apps were discovered in the Google-hosted marketplace. Of these three, one app, called Pokémon GO Ultimate, was particularly noteworthy because it forcibly locks the screen of devices immediately after being installed, oftentimes forcing the user to either remove the battery from the infected phone or use Android Device Manager to unlock it.

Once the screen has been unlocked and the device has restarted, the app, which has since been renamed as PI Network, is removed from the device's app menu. Despite that, it will still continue to run in the background and click on ads in a bid to generate revenue for its creators — quite similar to another piece of malware that made headlines in recent weeks.

"This is the first observation of lockscreen functionality being successfully used in a fake app that has landed on Google Play," Eset malware researcher Lukas Stefanko wrote in Friday's post. "It is important to note that from there it takes just one small step to add a ransom message and create the first lockscreen ransomware on Google Play."

Aside from Pokémon GO Ultimate, there were two other fake apps, called Guide & Cheats for Pokémon GO and Install Pokémongo, which did the same thing: bombard the unsuspecting user with fake ads that aim to convince him/her to buy expensive, unnecessary services, for example by claiming the device is infected with malware and urging the user to spend money to remove it.

"Every time the user presses the 'Back' button, new scareware pop-ups and advertisements appear," Stefanko added. "The only way to get rid of them is double-clicking on the 'Back' button."

With that said, this isn't the first instance of someone using fake apps in order to try and capitalize on the Pokémon GO craze. Just last week, researchers from security firm Proofpoint discovered a backdoored version of the Pokémon GO app for Android. At first glance, the app seems legit, but upon downloading it, unlucky users would find their device at the mercy of a remote access tool called DroidJack, otherwise known as SandroRAT, which gave the attacker complete control over the infected phone.

So, what makes these three fake apps so special? It's the fact that these three apps managed to circumvent Google's process of checking for malicious or abusive behavior before admitting titles, and appeared on the official Google Play marketplace. In contrast, the backdoored Pokémon GO app was only ever present on a third-party app store that most wouldn't bother frequenting anyway.

As of writing this, the fake apps are already gone, but that doesn't mean that aspiring Pokémon GO players should relax just yet. Since the game has yet to be released in various regions, there are still plenty of opportunities for some people to try and market fake apps to those trying to get their hands on the game ahead of schedule.

Luckily, even if malware creators are clever enough to get their fake apps past Google's security checks, there are still ways for potential targets to stay one step ahead with a little cleverness of their own. First off, be sure to check the publisher, and afterward, be sure to check the number of downloads, as well as user reviews, before installing.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.