Augmented Malware with Pokémon Go

UPDATE: Augmented Malware with Pokémon Go

UPDATE

The Pokémon Go app is now available for even more countries via the Google Play Store and on iTunes. So before you go on a wild online spree to try and download it from untrustworthy sources which might give you more than you bargained for (you might not want to do that even if the app is not yet available for your region – read the below article to find out why), check here (Google Play Store) and here (iTunes)!

ORIGINAL ARTICLE

The phenomenal success of the new Pokémon Go is leading frustrated fans to jump the official release schedule and pick up the free app – potentially along with some malware – in unofficial download sites.

Pokémon Go combines the real world with a digital map on smartphones. People follow the map to search for Pokémon. And once these creatures appear, game players toss “Pokeballs” at them until they are subdued.

While Pokémon is practically an old-timer game, the latest variant incorporates augmented reality (called A.R.), to merge digital technology with the real world by combining smartphones’ cameras and displays. It is probably the biggest use of A.R. technology yet.

The maker of Pokémon Go is primarily owned by Nintendo, the Japanese gaming pioneer – and this is a problem. They launched Pokémon Go in early July in the United States, Australia and New Zealand through official markets such as Google Play and the Apple iTunes market. While those may be key geographies, this approach has nonetheless frustrated millions of fans that grew up with Pokémon in other regions such as Japan, China – and even Germany and the UK.

avira_blog_category_augmented-malware-with-pokemon-go_inpostpic

Yes, there is a Pokémon Go workaround

Unhappy Pokémon fans are looking everywhere for their favorite game and are finding it through a combination of unofficial app markets, untrustworthy download sources, and technical workarounds.

For Android users, downloading from unofficial markets simply requires them to go through Settings, then Security, and to check on the box for downloads from “Unknown sources” on their devices. While this may seem harmless, downloading Pokémon Go – or any app – through an unofficial market does have its risks.

You can get more than just the app

Security analysts have found an infected Android version of Pokémon Go at a malicious file repository less than three days after the official release in New Zealand and Australia. The variant includes a malicious remote access tool that could give an attacker full control over the victim’s phone but has not yet been found in the wild, said the ProofPoint analysts. This malware is detected by Avira as Android/Spy.Kasandra.

The CNN news site reported that a fake Pokémon app called “Go catch ’em all!” was topping the Free Apps chart in Apple’s Canadian iTunes store. In China, knockoff Pokémon apps have the first and third rankings in download sites.

For smartphone users and Pokémon Go fans who want to stay safe,

  1. Stay Official – The chances of encountering malware in a downloaded app drop significantly if you stay with the official app channels.
  2. Unclick unknown –If downloading an app from unofficial markets, unclick this option afterwards to prevent additional accidental downloads.
  3. Scan regularly –Scan your device regularly with Avira Antivirus for Android.
  4. Heads up—When playing Pokémon Go, keep your head up and stay aware of real non-virtual risks and dangers … like a red light.

And now: Gotta catch ’em all! 😉

This post is also available in: German

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.