14 DAY TRIAL // Dell security researchers have discovered seven new Android apps posing as the official Pokemon GO app but that are, in reality, infected with malware ranging from adware to the DroidJack RAT (Remote Access Trojan).
Fake Pokemon GO apps were detected last month as well, right after the game was released in Australia, New Zealand, and the US.
Crooks took advantage of the huge hype created around the game to provide fake apps on third-party stores or via "how to download and install Pokemon GO in your country" tutorials.
New apps deliver RATs and adware
One month later, Dell's team discovered another set of apps infected with DroidJack. Their names are com.nianticlabs.pokemongo (as the official app) and net.droidjack.server (a dead giveaway as to what the app contains).
These two apps will give an attacker complete control of your device, allowing them to steal data from your phone, make calls, take pictures and record videos via the camera, and even listen in via the microphone.
Besides RATs, these Pokemon GO look-alike apps also come with adware. Two of these apps are net.ksbicrwkn.pokemongousa and eu.auauvcqwu.pokemongocoins.
Users who download and install these apps will be prompted for administrator privileges. Giving the app admin rights will allow it to pester you with popup or fullscreen ads, overlaid on top of the homescreen or over other apps.
Malicious apps also deliver PUAs
There is also a third category of malicious apps you can download masquerading as Pokemon GO apps, and those are so-called "installers" or PUAs (Potentially Unwanted Apps).
The sole purpose of these apps is to install other apps, from the Google Play Store or non-official sources, usually as part of an affiliate program that allows crooks to earn a small fee from each installation.
The names of installer apps posing as Pokemon GO apps but delivering PUAs are com.thaipro.pokemongo and com.vns.pojemongo, with the latter being used by two different applications. You can view all their technical details below.
