Crooks continue to bank on the Pokemon hype
We already know that crooks are using the Pokemon GO apps to spread remote access trojans via third-party app stores, but now, one of those malware-infected apps has made its way to the official Google Play Store.
Following a report from ESET, Google intervened and removed the app, along with two others that distributed scareware.
Pokemon-themed app distributed clickjacking malware
The malicious app's name was Pokemon GO Ultimate and promised users to allow them to play the game, even if not yet available in their country.
Because Pokemon GO is only available in the US, Australia, New Zealand, Germany and the UK, some users outside these countries installed the app seeking a way to play Nintendo's bestseller.
ESET says that between 500 and 1,000 users ended up downloaded and installing the app.
Once this happened, users were never treated with the game because the app never installed anything remotely similar to the Pokemon GO game.
In fact, the fake app would install the PI Network application, for which it would also add an icon on the user's phone.
Fake app locked the user's screen, clicked on ads behind his back
If users found this icon and tapped on it, an image would appear on the user's screen, locking his phone.
Only by rebooting the phone would the user be able to remove this screen.
"Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows," ESET's Lukas Stefanko writes.
"The user needs to restart the device either by pulling out the battery or using Android Device Manager."
This wouldn't stop the app, because as soon as the user rebooted, it would remove its start icon from the phone, and begin working in the background of the Android OS, opening adult-themed sites and clicking on ads, no doubt for the crook's own profit.
To remove the app for good, users need to visit "Settings ->> Application manager ->> PI Network" and tap the Uninstall button.
Two other apps distributed adware and scareware
Additionally, besides the Pokemon GO Ultimate app, ESET researchers found two other apps named "Guide & Cheats for Pokemon Go" and "Install Pokemongo."
Both these apps were in the same style of apps we talked about yesterday.
These are apps that promise to deliver one thing (yesterday it was social media followers, today it's Pokemon cheats) but provide popups and ads, often tricking the user to subscribing to expensive premium services.
Between 100 and 500 users installed Guide & Cheats for Pokemon Go, while Install Pokemongo reached between 10,000 and 50,000 Android users.
Lockscreen shown to infected users
Source:
http://news.softpedia.com/news/fake...-clicks-on-ads-in-the-background-506375.shtml
We already know that crooks are using the Pokemon GO apps to spread remote access trojans via third-party app stores, but now, one of those malware-infected apps has made its way to the official Google Play Store.
Following a report from ESET, Google intervened and removed the app, along with two others that distributed scareware.
Pokemon-themed app distributed clickjacking malware
The malicious app's name was Pokemon GO Ultimate and promised users to allow them to play the game, even if not yet available in their country.
Because Pokemon GO is only available in the US, Australia, New Zealand, Germany and the UK, some users outside these countries installed the app seeking a way to play Nintendo's bestseller.
ESET says that between 500 and 1,000 users ended up downloaded and installing the app.
Once this happened, users were never treated with the game because the app never installed anything remotely similar to the Pokemon GO game.
In fact, the fake app would install the PI Network application, for which it would also add an icon on the user's phone.
Fake app locked the user's screen, clicked on ads behind his back
If users found this icon and tapped on it, an image would appear on the user's screen, locking his phone.
Only by rebooting the phone would the user be able to remove this screen.
"Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows," ESET's Lukas Stefanko writes.
"The user needs to restart the device either by pulling out the battery or using Android Device Manager."
This wouldn't stop the app, because as soon as the user rebooted, it would remove its start icon from the phone, and begin working in the background of the Android OS, opening adult-themed sites and clicking on ads, no doubt for the crook's own profit.
To remove the app for good, users need to visit "Settings ->> Application manager ->> PI Network" and tap the Uninstall button.
Two other apps distributed adware and scareware
Additionally, besides the Pokemon GO Ultimate app, ESET researchers found two other apps named "Guide & Cheats for Pokemon Go" and "Install Pokemongo."
Both these apps were in the same style of apps we talked about yesterday.
These are apps that promise to deliver one thing (yesterday it was social media followers, today it's Pokemon cheats) but provide popups and ads, often tricking the user to subscribing to expensive premium services.
Between 100 and 500 users installed Guide & Cheats for Pokemon Go, while Install Pokemongo reached between 10,000 and 50,000 Android users.
Lockscreen shown to infected users
Source:
http://news.softpedia.com/news/fake...-clicks-on-ads-in-the-background-506375.shtml
