You see it in the streets, on the bus, and everywhere you go, and even if you’re not into the augmented reality game that is Pokemon Go, chances are you know someone who is. It didn’t take long for scams to pop up around the app phenomenon.
Security companies have recently highlighted that Pokemon Go may bring with it some risks for security, but it’s not really the app itself doing it, but rather some cheeky cybercriminals keen on cashing in on a love for catching, trading, and fighting pocket monsters.
According to Symantec, makers of the Norton 360 security solution, variants of Trojan viruses have popped up in the wild named after the hit Nintendo title aimed at attracting people who may not have the official “Pokemon Go” app available in their countries.
One such variant is called “Pokemon Go Ultimate”, and while it has already been removed from the Google Play Store, it’s an indication of what’s to come.
Another security company — this time Bitdefender — picked up on that same Trojanised edition of Pokemon Go, reporting that installation would provide backdoor functionality and offer access for the criminal to people’s devices.
The security exploit being used for the fake Pokemon Go client isn’t new and has popped up before as a form of spyware, but packing it into a fraudulent Pokemon application is a serious thing, especially if people are looking for versions of the Android app to install from over the web.
“Popular mobile applications are often used as baits to lure people into downloading malicious copies from third-party sites or app stores,” said Alexandra Georghe, Security Specialist at Bitdefender.
“Users should install apps only from official, verified markets and should pay attention to what app permissions they allow. These may grant other entities access to their location, microphone, contacts list or text messages, for instance.”
It’s also worth pointing out that fraudulent apps aren’t the only way of scamming Pokemon Go players, within cheat and tip website already trying to cash in on gamers eager to get ahead.
Symantec has picked up on this with a few websites, some of which have offered the in-game currency of Pokecoins if you fill out surveys. While these may appear harmless, some of the information could be a ploy to steal information that you may use for your identity, essentially turning the so-called cheat into a way to cheat you into identity theft.
If you are looking for tips on Pokemon, it might be a better idea to look at what the star players are doing, reading up on their advice instead.