Fake versions of the augmented reality game Pokémon Gothat made their way into the Google Play and Apple App stores have been downloaded by tens of thousands of people.
The unofficial apps posing as Niantic Labs’ Pokémon game were found under names such as “Pokémon Go Ultimate”, “Pokémon Go: New Version for Free App Game !” and “Go Catch ‘Em All!”.
The latter made it into Apple’s list of top free apps in the iOS store last week before the game was released in the UK, while Pokemongo for Android was downloaded by up to 50,000.
Not all of the fake apps are necessarily malicious, but security company ESET discovered that Pokémon Go Ultimate locks users phones before surreptitiously visiting porn websites in the background.
Discovered in the Android app store, the fake game freezes users’ phones when opened, forcing them to turn their phone off and on again. But on rebooting, the malicious app continues to work in the background, clicking on adverts to generate revenue for its operators and partners, according to ESET.
People that have downloaded this particular app can remove it from their phones by going to Settings -> Application manager -> PI Network -> uninstall the app.
The security researchers discovered other unofficial apps for Android including “Guide & Cheats for Pokémon Go” and “Install Pokemongo”, which encourage users to pay for unnecessary add-ons such as Pokecoins, Pokeballs and Lucky Eggs.
The malicious apps have now been removed from the Google Play and Apple App stores, after they were downloaded by tens of thousands of people.
Separate research from RiskIQ found that 215 malicious copies of the game were released in the first 24 hours after it launched in the UK. And last week Proofpoint discovered that Android users excited to get their hands on a copy of the game could have downloaded a tampered-with version of the APK.
Players should be careful to read reviews before they download any Pokémon Go-related apps and, where possible, try and download official versions.
Niantic, Nintendo and the Pokémon Company’s official Pokémon Go app could be just as vulnerable to attack from malicious cyber gangs it turns out, as a hacker group threatened to take the game offline on August 1.
[Source:- The Telegraph]