Experts at Kaspersky have discovered a new malicious app in the Google Play store related to Pokémon GO. The app, called “Guide for Pokémon GO”, is capable of seizing root access rights on Android devices, the security company claims. With those rights the app can install or uninstall apps on the phone, and it also displays unsolicited ads. Kaspersky says the app has been downloaded more than 500,000 times and has successfully infected at least 6,000 devices.
Guide for Pokémon GO is a Trojan that can download rooting malware onto an Android device and gain access to the core of the OS. This allows the Trojan to install unwanted apps on the device, or even remove some of the installed apps. According to Kaspersky, the Trojan is clever and does not start as soon as the user launches it. Instead, the app waits for at least two hours before it starts downloading malicious content onto the device.
“Infection of the device is not guaranteed. After connecting with its command server and uploading details of the infected device, including country, language, device model and OS version, the Trojan will wait for a response. Only if it hears back will it proceed with further requests and the downloading, installation and implementation of additional malware modules,” Kaspersky said in a statement.
Once the Trojan acquires root rights to the device, it installs modules in the device's system folders. According to Kaspersky, at least one other version of the Pokémon guide app was available on the Play Store when the game launched in July 2016. The company says there have been at least 6,000 successful infections of Android devices since December 2015, including in Indonesia, India and Russia.
As Pokémon GO gained traction after its launch and its popularity grew, so did the number of malicious apps on the Play Store. Fake apps started showing up on the Play Store as early as the beginning of July. As the game had not yet reached the shores of most countries, fraudsters were able to fool people into downloading their own fake versions of the game. One such app was called ‘Pokemon Go Ultimate’. Running that app will leave your phone completely frozen. Hackers have also tried to get access to Android devices by offering Pokémon GO help apps.
Kaspersky has since reported the Trojan to Google, and has had the app removed from the Google Play Store.