Anti-virus experts Kaspersky Lab highlighted that a malicious Pokemon Go companion app was downloaded more than 500,000 times.
The app, titled “Guide for Pokemon Go” on the Play Store, is capable of seizing root access rights on Android smartphones and using this to install and uninstall apps, or display unsolicited ads.
Kaspersky Lab experts said that this app managed to successfully infect 6,000 devices. It highlighted some features of the malware that helped it avoid detection. In a blog post, Kaspersky wrote that the takeover doesn’t start as soon as the victim launches the app. Instead, it wrote, “it waits for the user to install or uninstall another app, and then checks to see whether that app runs on a real device or on a virtual machine. If it’s dealing with a device, the Trojan will then wait another two hours before starting its malicious activity.”
Senior Malware Analyst at Kaspersky Lab, Roman Unuchek, said that it’s unsurprising that Pokemon Go would be the target of malware. “In the online world, wherever the consumers go, the cybercriminals will be quick to follow,” he explained.
“Pokémon Go is no exception. Victims of this Trojan may, at least at first, not even notice the increase in annoying and disruptive advertising, but the long term implications of infection could be far more sinister. If you’ve been hit, then someone else is inside your phone and has control over the OS and everything you do and store on it. Even though the app has now been removed from the store, there’s up to half a million people out there vulnerable to infection – and we hope this announcement will alert them to the need to take action.”
If you believe that your phone has been infected, you should backup all your data and then reset your device to factory settings. Kaspersky Lab also advises users to always check that apps have been created by a reputable developer, to keep their OS and application software up-to-date, and not to download anything that looks at all suspicious or whose source cannot be verified.