1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Fake Pokemon GO Android App Locks Your Screen, Clicks on Ads in the Background

Discussion in 'Mobile Phones & Devices' started by starbuck, Jul 16, 2016.

  1. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Crooks continue to bank on the Pokemon hype

    27d83bfdbacc8e732fd29fc6a7c58e5f.png

    We already know that crooks are using the Pokemon GO apps to spread remote access trojans via third-party app stores, but now, one of those malware-infected apps has made its way to the official Google Play Store.

    Following a report from ESET, Google intervened and removed the app, along with two others that distributed scareware.

    Pokemon-themed app distributed clickjacking malware

    The malicious app's name was Pokemon GO Ultimate and promised users to allow them to play the game, even if not yet available in their country.

    Because Pokemon GO is only available in the US, Australia, New Zealand, Germany and the UK, some users outside these countries installed the app seeking a way to play Nintendo's bestseller.
    ESET says that between 500 and 1,000 users ended up downloaded and installing the app.

    Once this happened, users were never treated with the game because the app never installed anything remotely similar to the Pokemon GO game.
    In fact, the fake app would install the PI Network application, for which it would also add an icon on the user's phone.

    Fake app locked the user's screen, clicked on ads behind his back

    If users found this icon and tapped on it, an image would appear on the user's screen, locking his phone.
    Only by rebooting the phone would the user be able to remove this screen.

    "Unfortunately, in many cases a reboot is not available because the activity of the malicious app overlays all the other apps as well as system windows," ESET's Lukas Stefanko writes.
    "The user needs to restart the device either by pulling out the battery or using Android Device Manager."

    This wouldn't stop the app, because as soon as the user rebooted, it would remove its start icon from the phone, and begin working in the background of the Android OS, opening adult-themed sites and clicking on ads, no doubt for the crook's own profit.

    To remove the app for good, users need to visit "Settings ->> Application manager ->> PI Network" and tap the Uninstall button.

    Two other apps distributed adware and scareware

    Additionally, besides the Pokemon GO Ultimate app, ESET researchers found two other apps named "Guide & Cheats for Pokemon Go" and "Install Pokemongo."

    Both these apps were in the same style of apps we talked about yesterday.
    These are apps that promise to deliver one thing (yesterday it was social media followers, today it's Pokemon cheats) but provide popups and ads, often tricking the user to subscribing to expensive premium services.

    Between 100 and 500 users installed Guide & Cheats for Pokemon Go, while Install Pokemongo reached between 10,000 and 50,000 Android users.

    5aa8263e4a6c1357275102d496087561.png
    Lockscreen shown to infected users


    Source:
    http://news.softpedia.com/news/fake...-clicks-on-ads-in-the-background-506375.shtml
     

Share This Page