Connect with us

Hi, what are you looking for?



Malicious Pokémon GO Apps Land in Google Play

The Pokémon GO hype isn’t over, and more cybercriminals are taking advantage of it. After a malware-riddled Pokémon GO app emerged over a week ago, researchers have also found a fake lockscreen app in Google Play under the name of Pokemon Go Ultimate.

The Pokémon GO hype isn’t over, and more cybercriminals are taking advantage of it. After a malware-riddled Pokémon GO app emerged over a week ago, researchers have also found a fake lockscreen app in Google Play under the name of Pokemon Go Ultimate.

The official Pokémon GO app is available in only a handful of countries, and cybercriminals are preying on users’ urge to play the game. Although listed as Pokemon Go Ultimate in the official storefront, the app appears under the name of PI Network once installed on an Android device.

When launched, the program freezes, effectively locking the device’s screen and preventing the user from using it. Because it doesn’t offer the possibility to unlock the device, the app forces the user to restart the device, sometimes by removing the battery or using the Android Device Manager.

After analyzing the malicious software, ESET researchers discovered that, after reboot, the icon for PI Network disappears and that the fake lockscreen program runs in the background, silently clicking on ads online to generate revenue for its operators.

In addition to Pokemon Go Ultimate, security researchers discovered fake applications such as Guide & Cheats for Pokemon Go and Install PokemonGo in Google Play and say that they were designed to deliver scareware ads, thus tricking users into paying for unnecessary services. When launched, these apps promise to generate up to 999,999 Pokecoins, Pokeballs or Lucky Eggs each day, but they don’t deliver on these promises.

Instead, as recently seen with bogus applications that promise thousands of followers on social networks, these apps require users to “verify their accounts” and trick them into subscribing to expensive bogus services. These apps also displayed fake pop-up alerts, some claiming that the device has been infected and needs to be cleaned.

“The virus removal masquerade is only one example of the apps’ scareware techniques. They can also download other applications, create surveys and display scam ads where the user has allegedly won prizes such as the new iPhone, Galaxy S7 Edge or even large amounts of money. The techniques deployed depend on the country where the user’s IP is being localized,” ESET researchers explain.

Advertisement. Scroll to continue reading.

These applications have been already removed from Google Play, but not before being installed onto thousands of devices. Pokemon Go Ultimate had between 500 and 1,000 installs when removed, Guide & Cheats for Pokemon Go had between 100 and 500, while Install PokemonGo had between 10,000 and 50,000 installs.

In addition to the cybercriminals looking to leverage the success of the app to cash in on users’ naivety, there are those who would rather go for the company that released the game instead. In the case of Pokémon GO, a threat group called PoodleCorp claimed that it was responsible for bringing the game’s servers offline over the weekend.

The group posted on Twitter that it was successful in its attempt, but also said that this attack was only a test, and that “something on a larger scale” will happen soon. Apparently, the group plans a distributed denial of service (DDoS) attack on the Pokémon GO servers on August 1.

Attacks of the kind are not something new, nor for the group of hackers claiming to be behind them and brag about their plans. 

“Pokemon Go has an extremely high profile, and any impact attributed to a specific attacker is going to drive publicity,” Tim Erlin, Senior Director of IT Security and Risk Strategy for Tripwire told SecurityWeek. “Attributing cyber attacks to specific groups or individuals is very difficult, especially with a distributed denial of service where the evidence is service disruption, rather than compromised information.”

In April this year, the group known as Lizard Squad caused a massive outage after hitting servers operated by Blizzard Entertainment with a DDoS attack. In December last year, a group called Phantom Squad threatened to take down PlayStation Network and Xbox Live on Christmas.

Related: Backdoored Pokémon GO App Infects Android Devices

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...