Despite only being released this month, and the fact that it hasn’t been released in all countries all over the world, Pokémon Go has already amassed 30 million downloads and over $35 million in net revenue. The app has also broken more than a couple of records, with it being the fastest game to top both the Apple App Store and Google Play lists. With these numbers, cybercriminals are taking notice.
As mentioned earlier, the app has not been released worldwide but this has not stopped users from looking for ways to play the game. Within a couple of days of the app’s release, fraudulent and malicious versions were already discovered by Trend Micro. The fake app was available for download through third party file-sharing websites.
It has the capability to take over an Android phone’s primary utilities, including accessing, modifying, and making calls, text messages, contact and camera functions, Wi-Fi connections, etc. This fake version was meant to target countries where Pokémon Go was not yet officially released.
Another one of the malicious apps posing as Pokémon Go is called Pokémon GO Ultimate, which was available through Google Play. Once it launches, the app intentionally locks your smartphone’s screen – making the user restart the device. Once the phone is rebooted, the app accesses malicious websites in the background without the user’s knowledge.
With it being the fastest game to top both Apple and Google’s app stores, cybercriminals are taking notice.
Google play has been a hotbed for these malicious apps, with Guides and Cheats for Pokémon GO also being discovered among the apps available there. When installed, this app shows “scareware” pop-up ads that tell the user that their device is infected and it needs to be scanned or cleaned. When a user is persuaded by the ads, the links would only lead them to purchase useless and expensive services.
There have also been reports of online surveys offering Pokémon coins and other power-ups when you answer them or if you visit another dubious website. It might not seem harmful or risky at first, especially for children, but giving out your personal information to unsafe websites is not the safest thing to do. Your best bet is to just purchase coins and other bonus material from the official app.
Cybercriminals will not stop at trying to exploit the game’s popularity, as it does not show any signs of slowing down. And so follow the fraudulent and scam apps. Trend Micro recently published a list of tips for safe mobile gaming:
Download from trusted sources. While it might seem tempting to download a “cracked” version of Pokémon Go online or through an app store, one should resist as this is one of the easiest ways to infect your phone. Malicious apps might pop up on Google Play or the App store; however, it is still best to download the official app. A recent report showed that China, India, and Indonesia had the most compromised Android devices – their preference for third-party apps to download games being the culprit.
Create a separate gaming identity. Trend Micro recommends users to create a unique username and email address to use exclusively for games, as most games and services ask for so much personal information when you register. Creating unique login credentials for gaming apps could make it harder for hackers to cross-reference with other online accounts. Linking your social media accounts to other games or apps could also lead to your information being leaked once these services are breached or accessed by hackers.
Be aware of what permissions you are granting. Pokémon Go relies on location information as an augmented reality gaming app, requiring it to ask more permissions than other apps. Review the information and settings the app is asking, and make sure that you are comfortable with authorising access to these information. Pokémon Go initially asked for full access to the user’s Google information, including Gmail and Maps, among others. The game’s developer quickly updated this part of the app and reduced its access to just the user ID and email.
Be diligent with your updates. App updates are needed to make sure that identified bugs and vulnerabilities in the app are fixed. It is best to check if there are any additional permissions asked, and to make sure you understand them. Reading reviews of other users on the update is useful and will let you know if it is applicable to your device.
Install a trusted mobile security solution. Having a comprehensive security solution that provides protection and lessens the probability of malware encounters only heightens your enjoyment of Pokémon Go or any other app for that matter.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.