Beware of Pokemon Go malware in Google Play

It may be easy to dismiss reports of Android malware as nothing more than fear mongering by clickbait-loving journalists and security companies, but not even apologists can argue with the fact that the threat is real when malware is approved on Google Play.

ESET's security researchers have uncovered a fake lockscreen app, called Pokemon Go Ultimate, which takes advantage of the game's mindblowing popularity to mislead users into installing it ultimately generating revenue by clicking on porn ads.

Pokemon Go Ultimate poses as Pokemon Go, but what it does is lock the victim's screen, forcing them to restart the device. After the reboot, it sets itself to run in the background, so that it can click on ads without being noticed. ESET says that Pokemon Go Ultimate is the first-ever fake lockscreen app that it has discovered on Google Play.

As you may know, Pokemon Go only recently became widely available. Android users who could not download the game in their region could have easily been tempted to install Pokemon Go Ultimate, maybe thinking that it is actually the real deal published by another developer.

That said there is a telltale sign that Pokemon Go Ultimate is not really Pokemon Go, as the app, after it's downloaded, installs under the "PI Network" name. A discerning user would be able to tell that something is wrong at this stage, but someone who is less knowledgeable will open the app.

After that happens, the app locks the screen but it also "overlays all the other apps as well as system windows". ESET says that the only way to restart is to pull out the battery or use Android Device Manager -- likely to wipe the device using the second option.

The malware is cleverly designed, because after the reboot the PI Network icon is removed from the app drawer so that users can't uninstall it easily. ESET notes that it can be uninstalled from the Settings menu, by opening the app manager, finding Pi Network and tapping on the uninstall button.

However, while that may make it seem less dangerous, the security company does say that "it takes just one small step to add a ransom message and create the first lockscreen ransomware on Google Play". And that is more dangerous than your device being used to click on ads, whatever they may be for.

On top of Pokemon Go Ultimate, ESET has also identified other "bogus" apps that target the Pokemon Go user base, like "Guide & Cheats for Pokemon Go" and "Install Pokemongo". Those are, however, labeled as fake apps, which only try to tempt users into subscribing to some "expensive bogus services".

The damage caused by Pokemon Go Ultimate, in terms of affected users, is quite small, as the app had only been installed by 500 to 1,000 unsuspecting Android users before being pulled by Google. However, Install Pokemongo had been downloaded by 10,000 to 50,000 users.

It goes without saying that you should avoid any apps that seem suspicious. Chances are, if it is what you are looking for but has a funny name, you should steer clear of it.