Monday, 22 August 2016

Beware of Fake Pokemon Go Apps



ESET Ireland warns of fake Pokémon GO apps appearing, giving attackers full control over a victim’s phone.

Since 2015, thousands of aspiring Pokémon trainers have been waiting for the release of Pokémon GO, the augmented reality game that will allow players to catch hidden Pokémon’s in the real world and conquer “gyms” through the internet, traveling both physically as well as within the app itself.

Niantic Inc., the game’s developer, with the support of Nintendo and The Pokémon Company, has so far only made it freely available to users in the US, Australia and New Zealand. The rest of the world will unfortunately have to wait for a global release date, which is expected to be sooner rather than later. However, this hasn’t stopped fans of Pokémon from getting access to the game. Many have resorted to downloading the Pokémon GO APK from a link available via online forums and Facebook groups.

This is problematic. As excited as you may be in getting your hand on the game early, bypassing traditional routes is not without its shortcomings. You have to always remember that downloading apps from nonofficial repositories – such as Google Play and the App Store – entails security risks.

This game is no exception, researchers recently explained that they have discovered modified versions of the app that installs malware in order to spy on users and the content of their devices and virtually give an attacker full control over a victim’s phone.

This malicious Pokémon GO APK is detected by ESET as a variant of Android/Spy.Kasandra.B.

Regardless of who the developer is, it is important to highlight that downloads from external sources are never a good idea because the apps have not go through the usual security controls. These apps are often modified to include malware or remote access tools that allow anyone with malicious intentions to gain control over a victim’s device.

Cybercriminals will certainly take advantage of gamers who simply can’t wait to download the official Pokémon GO app in their region, and will hide their threats in apparently harmless archives. Don’t fall into this trap. Instead, we recommend you wait for the official game to launch in your country. It’ll be hard, but it’s the safer option.

Meanwhile, keep your security software on your mobile device always updated; read reviews from people who have already installed the application you’re about to download; and pay careful attention to the permissions requested during installation.

The full story is available on ESET Ireland’s blog.