Malware Attack : Pokemon Go fake Android App Automatically Clicks on Porn Ads

By | July 17, 2016

Malware Attack

Cybercriminals are making target to mobile users using a new malware. They have created a new fake application for Pokemon Go. It is a Android lock screen malware, posing as a fake app for the popular mobile game, has been uncovered.

According to IT security company ESET

The application lures victims into installing it onto their phones and after infecting a phone, the malicious programme named “Pokemon Go Ultimate”, deliberately locks the screen and forces victims to restart their devices. Even after the reboot, it runs in the background hidden from the victim and secretly clicks on porn ads online.

ESET malware researcher Lukas Stefanko also added that,

People from all over the world are installing Pokemon GO, Cybercriminals are taking advantage for this huge response. They are trying to exploit the hype by infecting Pokemon-hungry victims with malicious fake apps. Pokemon GO Ultimate serves as a perfect example, promising the victim to play the original title, but instead delivering only malicious activity.

Once users are doing  installation from Google Play, there was no evidence of Pokemon Go Ultimate on the devices, but instead an app using the name ‘PI Network’ and a different icon was added.

How to remove this malware

Users can do it manually by going into applications manager in settings, look for the PI Network app and then uninstall it. “This is the first observation of lock screen functionality being successfully used in a fake app that has landed on Google Play. It is important to note that from there it takes just one small step to add a ransom message and create the first lock screen ransomware on Google Play.

Two other fake Android apps posing as Pokemon Go apps – “Guide & Cheats for Pokemon Go” and “Install Pokemongo” – were also uncovered by security researchers as fake application. These both apps are also delivering scareware ads that trick victims into paying unnecessarily for advertised bogus services.

Once launched, both apps feature pop-ups that ask users to “verify” their account, only to deliver scareware. One such pop-up claims that the device is infected with viruses but promises to remove them all.

All the three malicious apps have been removed from Google Play Store.

Subscribe for latest security update