/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/09/unnamed2.jpg)
There was a sudden rage in the gaming industry that had its origin in the launch of PokemonGo. Thus, arrived the growing number of related apps and, inevitably, amplified interest from the cybercriminal community.
Kaspersky Lab, a global cybersecurity company, has discovered a new malicious app on the Google Play store: “Guide for Pokémon Go”, capable of seizing root access rights on Android smartphones and using that to install/uninstall apps and display unsolicited ads.
The app has been downloaded more than 500,000 times, with at least 6,000 successful infections. Kaspersky data suggests that there have been over 6,000 successful infections to date, including in Russia, India, and Indonesia.
Kaspersky Lab has reported the Trojan to Google and the app has been removed from Google Play.
Notably, the Trojan includes some interesting features that help it to bypass detection. The Trojan waits for the user to install or uninstall another app, and then checks to see whether that app runs on a real device or on a virtual machine. If it’s dealing with a device, the Trojan will wait a further two hours before starting its malicious activity. Even then, infection is not guaranteed.
After connecting with its command server and uploading details of the infected device, including country, language, device model and OS version, the Trojan will wait for a response. Once it receives a response, it will proceed with further requests and the downloading, installation and implementation of additional malware modules
This approach means that the control server can stop the attack from proceeding if it wants to - skipping those users it does not wish to target, or those which it suspects are a sandbox/virtual machine, for example. This provides an additional layer of protection for the malware.
Once rooting rights have been enabled, the Trojan will install its modules into the device’s system folders, silently installing and uninstalling other apps and displaying unsolicited ads to the user.
"Even though the app has now been removed from the store, there are up to half a million people out there vulnerable to infection – and we hope this announcement will alert them to the need to take action,” said Roman Unuchek, Senior Malware Analyst, Kaspersky Lab.
If you doubt that your device is infected with the Trojan, scan your device with mobile antivirus.