There have been reports of malicious Pokémon Go apps out in the wild since the game was released over a week ago, but more of them are popping out of the brush than Caterpies just out of Pallet Town.
According to security firm ESET, apps have been masquerading under similar Pokémon titles, attracting people looking for guides and cheats. Unlike the third-party version we reported on last week that installed a backdoor on Android devices, the three identified by the firm were found in the Google Play store.
One app, called Pokémon Go Ultimate posed the biggest threat to people’s devices. While it resembled the game, it deliberately locked the screen of the device on startup. ESET warns that a simple reboot often won’t work as the app overlays itself over system windows. Users with a locked screen can pull out the battery or use Android Device Manager. However, even after a reboot, it still runs in the background, clicking on porn advertisements. You’d need to manually uninstall PI Network, which should appear in your application manager.
“Pokémon Go Ultimate is the first observation on Google Play of lockscreen functionality being successfully used in a fake app,” said Lukáš Štefanko, a malware researcher at ESET. As per the blog post, the app was used between 500 and 1,000 times before it was removed from the store.
The other two apps to be wary of are “scareware,” meaning that they trick users into paying for unnecessary services. In the case of “Guide & Cheats for Pokémon Go” and “Install Pokemongo,” users could’ve been tricked into signing up for phony services with the promise of generating Pokéballs or Lucky Eggs (apparently up to 999,999 per day because you can go through that many Pokéballs in a day). Both apps have been removed from the app store, but not before the latter got between 10,000 and 50,000 installs. The former only reached between 100 and 500 users.
While the apps have been removed from the Google Play store, it’s important to remind users that while Pokémon Go is amazing and the most popular app ever, it’s important to know what you’re putting on your device. Please don’t use third-party applications and, if you must download an app that promises to help you cheat, it most likely won’t.
However, if you absolutely have to give a random app a shot, then check reviews and its developer. If you see anything a little sketchy, flee! You’ll catch another Pokémon soon.