Over 500K People Have Installed a Pokemon Go-Related App That Roots and Hijacks Android Devices (softpedia.com)
An anonymous reader writes: Over 500,000 people have downloaded an Android app called "Guide for Pokemon Go" that roots the devices in order to deliver ads and installs apps without the user's knowledge. Researchers that analyzed the malware said it contained multiple defenses that made reverse-engineering very difficult -- some of the most advanced they've seen -- which explains why it managed to fool Google's security scanner and end up on the official Play Store. The exploits contained in the app's rooting functions were able to root any Android released between 2012 and 2015. The trojan found inside the app was also found in nine other apps, affecting another 100,000 users. The crook behind this trojan was obviously riding various popularity waves, packing his malware in clones for whatever app or game is popular at one particular point in time.
Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.
So 500k downloads could equal zero installs.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
The trojan roots all Android devices released between 2012 and 2015?
Without needing to unlock the bootloader, install custom recovery, etc.?
Awesome! Where do I sign up!?
It really pisses me off that these apps can supposedly root Android and install all sorts of apps, yet trying to get root on my Galaxy is a convoluted game of Twister requiring the setting of permissions, installing special PC software, installing special (sketchy as fuck) boot loaders, custom (sketchy as fuck) recovery environments, and more.
And, rooting Amazon fire tablets is either impossible or it's utterly bricked in the attempt.
How is it that these bullshit apps can so easily get root and install hidden apps behind the scenes in a seamless single step app install?