Security firm Kaspersky reports that downloaders of a popular Pokémon Go! guide app from the Google Play app store may have been exposed to serious malware. The app, "Guide for Pokémon Go New" by Markersel (since removed from the Play store), was downloaded more than 500,000 times, according to statistics from Google.
The app provided no useful advice to Pokémon fans. Instead, it was merely a ruse to install a malicious trojan that is capable of seizing root access to your Android device, disabling installed apps and displaying unwanted ads. And because the trojan was able to acquire root access, downloaders of the app face even greater threats.
Roman Unuchek, Senior Malware Analyst, Kaspersky Lab, says, “Victims of this Trojan may, at least at first, not even notice the increase in annoying and disruptive advertising, but the long-term implications of infection could be far more sinister. If you’ve been hit, then someone else is inside your phone and has control over the OS and everything you do and store on it.”
Demonstrating the sophistication of the malware's development, the trojan also has unusual features to help it evade detection. Kaspersky reports that the malware doesn’t start as soon as the victim launches the app. Instead, it waits another two hours before starting its malicious activity, which makes it look less suspicious to malware detection. More information about the specifics of the app infection process is available on Kaspersky's Securelist blog.
The Guide for Pokémon Go malware is a reminder that downloading apps from unknown publishers can be risky, even in the Google Play Store. Kaspersky says that at least nine other apps with this same trojan have been available in the Google Play Store since December of 2015. It's best to stick with well-known apps and publishers whenever possible, and make sure you have a solid antimalware app running on your device at all times. Many computer antimalware solutions provide mobile protection as part of the subscription (including our Top Pick, which happens to be Kaspersky). Alternatively, go with a standalone mobile option, such as Lookout Security.