Go, Pokemon Go! The Latest Craze that Could Fill your Device with Malware


Featured On

EntrepreneurForbesBuisiness InsiderAxios
This article contains

Wondering what your friend or co-worker is doing, staring at his or her phone, wandering around aimlessly? Are you trying to figure out what all the commotion seems to be regarding that gas station down the street? Chances are, it’s Pokemon Go! related.
Not up to snuff on the augmented reality app-game? Well, if you remember the Pokemon phenomenon that started in 1995 with a small plastic “poke ball”, imagine it now, standing in the middle of your living room. And about 2 to 4 feet tall. And it seems to be three dimensional. And you have to catch it and train it. Ya’ got the idea? In the few short weeks since the limited release of the app in the US, Australia and New Zealand, the game has taken the entire world by storm as people try to spot and catch these little creatures, merging app-life and real life.
Despite all the fanfare, not shockingly, some pretty weird stories have emerged associated with the religious-like fervor. Like the 19-year-old who went into a lake to find a Pokemon and found a dead body instead. Or the two guys who fell off a cliff trying to catch a Poke. Or the guy who quit his job as a barista to travel the world in hopes of nabbing every last character. We’re hoping for his sake they don’t introduce new characters every few weeks, or he might never work again.
But wait, it gets worse
even scarier twist, there have been numerous reports surfacing regarding players who were lured into faked Pokestops by creeps with the intention of mugging them. A Pokestops, for the non-”Go!”-inclined, is any landmark such as a store, monument, park or anything else that’s been chosen as a place where Pokemon hang out. According to CNN, “The game allows players to drop a Lure module in a real world location to attract high numbers of Pokémon for 30 minutes. The lure modules have reportedly also been used by business owners to bring people to their stores.” Some stores have been using the GPS Pokestops feature to drive sales with Pokemon-related tie-ins. Yeesh.
Anyone all that surprised here? Nah, not really.
Another twist, one that we should have all been able to see coming a mile away, is the huge black market value for fake versions of the app. Third party app stores are filled with apps claiming to be The ULTIMATE or The ORIGINAL Pokemon Go!. And quite a few of these fake versions are serving up malware. Anybody with half a brain in their head should know what they could be getting when they install one of these knock-offs. But when it comes to Pokemon, they uh, kinda forget about that logic thing and download just about anything they can.
Researchers at security firm Proofpoint found samples of the counterfeit game that contain DroidJack malware. Nothing new, DroidJack began making rounds in 2015 and creates a back door on any affected devices, giving hackers admin level access to any and all of the device’s functions. DroidJack became infamous last year when it was discovered that the Trojan, on sale online for the low, low price of $210, was being used to record conversations and to video unsuspecting victims. Creepy. And now, if you downloaded one of those fake Pokemon Go! that just happens to be infected, it very well might be recording everything you say and do too.
It really should go without saying, but apparently people need another reminder – Never, never, never download apps from third party stores! At best, you’re getting a bootleg copy or a fake version, which won’t be as good as the real thing, and worst case scenario, you wind up with a device filled with trojanized malware that can steal all your information.
Some other important tips to bear in mind when it comes to apps:

  • Read all terms of service thoroughly – you’ll never know what you’re accepting if you don’t bother to read through them.
  • Use only the most recent version of apps and update them as necessary, to keep malware from taking advantage of vulnerabilities
  • Delete all apps you don’t use. The more apps, the more vulnerable you are.

Word to the wise, if you live outside the US or Australia and NZ, muster up the self restraint to wait until Pokemon Go! Is released in your neck of the woods.