This fake Pokemon Go game will secretly drive porn ad clicks

The app will freeze the phone with a screen lock of a Pokemon Go image

A newly discovered fake Pokemon Go game will actually lock your phone and then secretly run in the background, clicking on porn ads.

Security firm ESET found it on Google Play and its called Pokemon Go Ultimate. However, once downloaded, the app itself doesn’t even pretend to offer anything remotely like the hit game.

Instead, it simply appears as an app called “PI Network.” Once it runs, the app will then freeze the phone with a screen lock of a Pokemon Go image, forcing the user to restart the device, ESET said on a blog post on Friday.

Following a restart, the PI Network icon will disappear from the phone, but the malicious app is actually still running in the background. It will then go online, secretly clicking on porn ads to generate revenue for the app's developers.

Fortunately, users can easily delete it, by going into app section of the phone’s settings, and manually uninstalling.

Google Play has also removed the Pokemon Go Ultimate app. ESET said the fake game was only available for a short time and generated between 500 and 1,000 downloads.

Some users, however, may still be tempted to download knock-offs of Pokemon Go. That’s because, outside of the U.S., the official game isn’t available in many parts of the world.

This week, it launched in five European countries, including the U.K., Germany, and Italy, but there’s still no word on when it might arrive Asia.

Security experts have warned that fake versions of the game could contain malware. In addition, shady developers have been trying to take advantage of the Pokemon Go craze, by coming out with unofficial apps that offer cheats, tips, and music from the game.

However, these products are also hungry for personal data and can collect sensitive information from users’ phones including contact lists and login info to social media accounts. RiskIQ, a firm that tracks mobile malware, has detected dozens of these questionable apps.

On Friday, ESET also warned that these unofficial Pokemon Go apps could also contain scareware. It found two other apps that when installed will display fraudulent pop-up ads that will claim the user’s phone is infected with a virus.

“Of course, the app promises to clean up the device, which could cause the user to unwillingly send a subscription SMS to bogus – yet expensive – services,” ESET said.

The two apps, “Guide and Cheats for Pokemon Go” and “Install Pokemongo,” have both been removed from Google Play.

Join the Computerworld newsletter!

Error: Please check your email address.

Tags gamesmalware

More about ESETGoogle

Show Comments