Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Pokemon Go App On Google Play Infects Phones With Screenlocker (arstechnica.com)

Posted by msmash on from the rogue-android-apps dept.

Everytime an app gets insanely popular, vicious minds try to capitalize on the momentum -- and history suggests, Android is their most-targetted platform. So it wasn't really a big surprise when security researchers at Eset announced on Friday that at least three fake, possibly malicious Pokemon Go app have made it to Google Play, Android's marquee app store. From an Ars Technica report: Of the three, the one titled "Pokemon Go Ultimate" posed the biggest threat because it deliberately locks the screen of devices immediately after being installed. In many cases, restarting an infected phone isn't enough to unlock the screen. Infected phones can ultimately be unlocked either by removing the battery or by using the Android Device Manager. Once the screen has been unlocked and the device has restarted, the app -- which by now has the title PI Network --is removed from the device's app menu. Still, it continues to run in the background and surreptitiously clicks on ads in an attempt to generate revenue for its creators. Eset discovered two other fake Pokemon Go apps inhabiting Google Play, one named "Guide & Cheats for Pokemon Go" and the other "Install Pokemongo." Both deliver ads carrying fraudulent, scary-sounding messages that are designed to trick users into buying expensive, unnecessary services. One such message claims the device is infected with malware and prompts the user to spend money to get the malicious apps removed.

1 of 48 comments (clear)

  1. Google drops the ball...again by Anonymous Coward · · Score: 4, Interesting

    Android is a security disaster.

    People pretend that only those that run rooted phones and install things from untrusted sources are at risk. Once again we are shown that it doesn't matter wethet you install from the play store or not. The Android ecosystem is just full of holes.

    My question is when will Google be held liable for this trainwreck? There are specific requirements that have to be met to be able to submit an app to the play store. The apps are (supposedly) verified before being accepted. Google even reserves the right to ban certain types of apps from the store or to remotely remove them from users devices (fun fact: Google Play Services allows Google to remotely administer your device. And it runs as root, because, why not?).

    We can't keep letting Google get away with this. We can't keep pretending that Google isn't liable.