Half a million Pokemon Go players have been tricked into downloading an app onto their Android phone that does a little more than advertised.
“Guide For Pokemon GO” made its way onto the Google Play store, and from there to over 500,000 Android customers. In seeking a leg up in their quest to root out a global infestation of virtual monsters, these unsuspecting users unleashed one inside their phones. Already, more than 6,000 people have had their phones hijacked and placed under the control of HackingTeam, the creators of the malware.
It’s not just any old bit of mischief, either. The exceptionally complex program knows to lie in wait even after infecting its host, watching for things like app installation to make sure it’s not running on an emulator — a practice commonly used to identify and pick apart a malicious piece of software. It’s also layered with defenses that make it that much more difficult to reverse engineer.
Once it has found a real and vulnerable host, it jumps through several more hoops to make sure that it’s almost impossible to catch in the act. Only once it has navigated its time delays and has been verified twice over by those in remote control does it begin to download and install its malicious content.
Kaspersky Lab Senior Analyst Roman Unucheck posted findings on his SecureList blog, carefully outlining these behaviors in hopes of alerting the hundreds of thousands of users that are vulnerable but have not yet fallen prey to the criminals behind “HEUR:Trojan.AndroidOS.Ztorg.ad.”
Although the “guide” has since been removed from the store, the damage has already been done.
Follow Nate Church @Get2Church on Twitter for the latest news in gaming and technology, and snarky opinions on both.