Author Topic: Fraudulent Pokémon GO Social Media Profiles Pushing Malware to Users  (Read 1404 times)

Offline riso

Bad actors have created fraudulent profiles based on the popular mobile game Pokémon GO to target unsuspecting users with adware, spyware, and other malicious software.

Researchers at security firm Proofpoint found 543 social media profiles related to the game. After some careful analysis, they determined that 167 (or about 30 percent) of those accounts were fraudulent.

The profiles use a variety of tools to lure in potential victims, such as by offering purported game guides for download. Of course, most if not all of those downloadable files aren't what they claim to be.

For instance, a file available on the following social media profile loads up the Downware trojan:


Another profile leads to a download of Android malware:


To be sure, this isn't the first time bad actors have abused Pokémon GO to target users with dangerous software.

Shortly following the game's official release for Android and iPhone on 6 July, computer criminals started pushing out fake versions of the app, including one that installed the DroidJack remote access tool (RAT) onto Android devices.

The security community has also seen various ransomware samples sport a Pokémon GO theme, including a variant of DetoxCrypto, crypto-malware derived from the now-defunct Hidden Tear project, and Nullbyte.


These threats don't pertain just to regular users, either. Proofpoint discovered that 4.5 percent of devices connected to the corporate network were running a form of the game. This could spell trouble for affected organizations:

"This isn't necessarily a problem in itself - rather, it is indicative of the game's popularity. More problematic, however, is the prevalence of potentially risky apps related to Pokémon GO on corporate networks. Niantic has warned about the use of add-on map apps that scrape their servers for data. In addition, three malicious apps related to Pokémon GO have already been detected in US app stores, and have been distributed to users. These and other simply 'risky' apps - those with excessive permissions or leaky data handling but that aren't necessarily malicious - are following users into the workplace."

Given the risks associated with Pokémon GO, individual users should avoid clicking on links embedded in social media profiles related to the game. There's no telling what those URLs might link to, or how those downloads could threaten the security of users' personal machines or their organization's network. It's a risk that's just not worth taking.
 
Source: BleepingComputer