Rogue Pokémon app hacks Androids

Tuesday, Sep 20, 2016 15:01

 

A new malicious app on the Google Play store called "Guide for Pokémon Go", is discovered to be capable of seizing root access rights on Android smartphones to install or uninstall apps and display unsolicited ads. — File Photo

HCM CITY (Biz Hub) — Experts at Kaspersky Lab have discovered a new malicious app on the Google Play store called "Guide for Pokémon Go", capable of seizing root access rights on Android smartphones to install or uninstall apps and display unsolicited ads.

The app has been downloaded more than 500,000 times, with at least 6,000 successful infections.

The Trojan includes interesting features that help it bypass detection. For example, it does not start as soon as the victim launches the app. Instead, it waits for the user to install or uninstall another app, and then checks to see whether that app runs on a real device or on a virtual machine.

If it is dealing with a device, the Trojan will wait a further two hours before starting its malicious activity. Even then, infection is not guaranteed. After connecting with its command server and uploading details of the infected device, including country, language, device model and OS version, the Trojan will wait for a response.

Only if it hears back will it proceed with further requests and the downloading, installation and implementation of additional malware modules.

Once rooting rights have been enabled, the Trojan will install its modules in the device's system folders, silently installing and uninstalling other apps and displaying unsolicited ads to the user.

People concerned that they may be infected with the Trojan should scan their device with mobile antivirus. If they are infected, there are tools available to help them remove the rooting malware, which can be a complex process.

In addition, Kaspersky Lab advises users to always check that apps have been created by a reputable developer, to keep their OS and application software up-to-date, and not to download anything that looks at all suspicious or whose source cannot be verified.

Kaspersky Lab has reported the Trojan to Google and the app has been removed from Google Play. — VNS

Comments (0)

Statistic