Over 500K People Have Installed a Pokemon Go-Related App That Roots and Hijacks Android Devices

An anonymous reader writes: Over 500,000 people have downloaded an Android app called "Guide for Pokemon Go" that roots the devices in order to deliver ads and installs apps without the user's knowledge. Researchers that analyzed the malware said it contained multiple defenses that made reverse-engineering very difficult -- some of the most advanced they've seen -- which explains why it managed to fool Google's security scanner and end up on the official Play Store. The exploits contained in the app's rooting functions were able to root any Android released between 2012 and 2015. The trojan found inside the app was also found in nine other apps, affecting another 100,000 users. The crook behind this trojan was obviously riding various popularity waves, packing his malware in clones for whatever app or game is popular at one particular point in time.

Re:Installed?

Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

So 500k downloads could equal zero installs.

That's in the paragraph below the one quoted by TFA:

The app, named Guide for Pokémon Go, made its way onto the official Google Play Store, from where over 500,000 users downloaded and installed it on their smartphones.

Kaspersky says that telemetry data received from its security products found that at least 6,000 users had their phones rooted and under the malware author's control.

If it roots on activation it's odd to say that there have been 500K installs but only around 6K roots. 500K downloads and attempted-installs maybe.