Pokemon – Gotta Spam’em All

October 2nd, 2016 | by Anon.Dos at AnonHQ.com

pokemon-go1

Researchers from many security companies have found numerous Pokémon Go applications to have a malicious backdoor, malware, adware, and many other programs that are sending messages to their contacts and the user links, infecting devices. Pokémon Promo was one of those websites, and resembled the authentic Pokémon Go websites – offering rewards for providing an additional ten or more users in a spamming technique – however, this website has now been taken down.

brexitspam
Image Source: Adaptive Mobile – A screenshot of a malicious login page.

Adaptive Mobile, a security company based in Dublin, Ireland, stated that it has also discovered another scam. This scam offers players more than ten thousand Poke Coins once they had collected a hundred points. According to the company’s Chief Intelligence Officer, once a hundred points were made, a message would appear containing a shortened URL that led to spamming websites, some of which were related to Pokémon Go, while others weren’t.

pokemonpromosms
Image Source: Adaptive Mobile – A screenshot of a message with a website showing offering legendary stardust.

The company discovered another bogus Pokémon Go website (Pokémon dot Vif PPoints dot xxxx) that was being advertised on many social media websites, and was offering users Poke Coins if they recommend the website to other users. Also, another website, known as Pokémon Generator, offered users Poke Coins directly to their accounts if they entered their Google account details, the same ones that they were using on the Pokémon Go application.

pokecoins
Image Source: Adaptive Mobile – A screenshot of a malicious page offering Pokemon’s.

Many of these malicious applications are still out there, waiting for users who are willing to take the risk. These applications will continue to emerge unless Niantic offers a worldwide release, or if the hype of Pokémon Go dies away.

pokecoinsgenerator
Image Source: Adaptive Mobile – A screenshot of a malicious page.

According to Cathal McDaid, an intelligence and security expert at Adaptive Mobile, any messages that are offering Poke Coins – or even mentioning the Pokémon Go application – the URL’s in those messages can lead the user to a malicious website(s) containing malware, viruses, adware or ransomware.

pokecoins_1
Image Source: Adaptive Mobile – A screenshot of an SMS offering 14,500 Pokemons with a short URL.

Which reminds me of another case, where a ransomware was coded into a Pokémon Go application available for download on the Internet. The ransomware, called Hidden Tear, was a strain from the ransomware family that shared some traits of Locky. It used AES encryption to lock down files by adding the extension (.locked). Not only did it encrypt the files, but it also installed a backdoor to your machine, creating a network sharing system on your PC.

According to a security researcher at the Bleeping Computer, the ransomware is targeting ethnic groups of Arabic nationality. Once it infects the target machine, it changes the screensaver – showing Pikachu with additional text written in Arabic saying ‘veryimportant.txt’, and that file is saved on the users desktop.

screensaver
Image Source: Bleeping Computers – A screenshot of a screensaver with the text written in Arabic and the hackers email address.

Jawed Malik, a security expert at Alien Vault, states that profiling a racial group using popular applications – and this time being Pokémon Go – for spreading the ransomware or the virus, is not something new.

The Pokémon Go application has been downloaded more than a hundred million times since its launch, and the numbers are increasing day by day.

The Other Way ArounD:

For now, all we can say is that you don’t download it from unofficial sources. If you want to play it, get a VPN for your phone, force stop Google Play, clear the data and clear the cache. Once that is done, fire up the VPN, set the location to any place in the United States and start up your Google Play. From there, enter the information and search Pokémon Go to enjoy the official release.

by Anon.Dos – Creative Commons license – AnonHQ.com

Source: Bleeping ComputersAdaptive Mobile Blog

 




Subscribe to our email Newsletter

Kyle James Lee

Kyle James Lee is the Majority Owner of The AEGIS Alliance. He studied in college for Media Arts & Game Development. Skills include Writer/Article Writer, Graphic Design, Web Design, and Video Production.