Pokémon Go made history by spreading like wildfire and amassing hordes of fans, and it was only a matter of time before the global phenomenon was targeted by users with malicious intents.
The title rolled out in July, and the fact that gamers could only download it in a limited number of countries pushed them into trying alternate solutions. Third-party download sites were one of them, but some Masters quickly found out that their Pokémon Go downloads were embedded with malware of the worst kind. Specifically, the type of malware that hijacks a victim's handset.
Luckily, now players from a large number of markets can download the proper version of the game via the big app stores for mobile devices, meaning that the malware infestation subsided. However, security experts point out that new problem emerged in the form of hacker-crafted apps that are linked to Pokémon Go.
Kaspersky Lab reports that a minimum of one malware-infected Android app exists, and it is deviously dubbed Guide for Pokémon Go. Data shows that the app topped half a million downloads.
The app was available on the Google Play store and it explained the ins and outs of the augmented-reality game to newcomers, all for free. It also taught them how to be better trainers for their adorable monsters. Meanwhile, the free app was packing malware, which made it easy for a hacker to take over the phone of its victim.
Roman Unuchek from Kaspersky Lab explains the problem in a blog post.
The hackers inserted a malicious string of code inside the app, which automatically "downloads rooting malware — malware capable of gaining access to the core Android operating system."
"[A]t least 6,000 successful infections [have been counted]," Unuchek writes.
Users in Russia, Indonesia and India were most affected, but the app being in English opens the way to a much larger demographic becoming vulnerable.
Kate Kochetkova of Kaspersky Lab points out that the malware is sneaky and waits a while before activating. Once the phone is infected, it starts popping up ads at an alarming rate. Keep in mind that the malicious software is also programmed to covertly install additional apps.
"[C]riminals have chosen a relatively mild way to earn money: ads," Kochetkova said.
She adds that, in the future, they may resort to other methods of getting revenue, such as locking users' devices and asking ransom to unlock it. Another dreaded possibility is to tap into digital accounts to siphon money out of them.
Kaspersky Lab recommends fans of Pokémon Go to verify their apps and, should they see the Guide to Pokémon Go app installed, delete it immediately. Routinely scanning your device to confirm that it is clean is also a good idea, with or without the threat of malware installing gimmicky ads on your smartphone.
We compiled our own list of tips and tricks to aid Pokémon Go players in their quest to catch'em all, and we promise it comes devoid of malware.
Are you still enjoying the hit mobile game? Let us know in the comments below.