Go to the profile of calon alpar
calon alpar
Enterprise Mobility writer

POKÉMON GO CATCHES MALWARE

Pokemon Go has taken the mobile world by storm with its release only a week ago. The nostalgia has taken off as it is already the biggest US mobile game ever. Unfortunately, with immense popularity, the one thing people seem to ignore is security.

With so much activity happening around Pokémon Go, cybercriminals have taken note of the hype and created various scams and trojans that are reportedly infecting the devices.

VARIOUS SCAMS AND TROJANS CREATED AROUND POKÉMON GO:

1. PokeCoin scams: Pokémon Go is a free app, but Niantic makes money when users spend real money to buy a virtual currency called PokeCoins. Pokémon Go players can spend PokeCoins on items such as eggs to hatch rare Pokémon or incense to lure Pokémon to their location.

While user data doesn’t seem to be getting compromised here, the scammers do benefit via an affiliate program While user data doesn’t seem to be getting compromised here, the scammers do benefit via an affiliate program

Cybercriminals have created surveys offering free PokeCoins. Once the user clicks on the scam site, they are asked for their Pokémon Go user name and the amount of coins they want.These scam sites then require Pokémon Go users to go through a verification process, which includes completing a survey form, installing few applications or signing up for additional services. While user data doesn’t seem to be getting compromised here, the scammers do benefit via an affiliate program. Security firm Symantec reports few thousand users have already clicked on these links.

2. Trojanized Pokémon Go apps: The biggest known threat is the unofficial Pokémon Go app which has been downloaded extensively. With Pokémon Go being available only in just five countries, enthusiasts elsewhere are looking for ways to download the app and catch Pokémons.

Repackaged versions of Pokémon Go are now in circulation and once installed, the app looks legitimate with Pokémon Go login screen but ends up giving complete access to the phone.

3. Pokémon Go cheaters: A good game is definitely incomplete without cheat codes. Pokémon Go players have been found cheating to catch Pokémons on the go.

According to reports, Pokémon Go users have been found spoofing GPS location data, sticking their mobile device to toy trains, dogs, ceiling fans or even drones to trick the app to thing the user is moving. It seems Niantic anticipated this kind of move and has been imposing hour-long bans.

While this might not be a threat, malware authors could offer GPS spoofing tools and with remote location trojan programs to gain control to a device.

4. Permissions and Privacy scare: Since the day of its launch, Niantic has been the subject of a privacy scare. The initial app permissions page suggested Pokémon Go getting full access to Google accounts. However, Niantic quickly replied by stating it had access to only basic information and has updated the app since then.

Since Pokémon Go uses GPS and camera of a smartphone for real-time mapping, it could end up being the latest repository of mapping data.

HOW TO PREVENT POKÉMON GO MALWARE

With how popular this app has become in only a week, it’s a safe bet that some of your employees are already catching Pokémon. On a personal note, I couldn’t resist the game. Since players are playing on devices that have access to company information, how are you making sure they aren’t putting private company information at risk? In these risky times of increasing mobile data breaches, playing Pokémon Go isn’t worth the risk.

Installing a Mobile Threat Defense solution, like Better’s, can ensure none of your company data can be leaked. We monitor, analyze and detect anomalies and exploits based on the techniques themselves without relying on static analysis, therefore detecting and stopping breaches before any damage is done to your company. As employees play Pokémon Go on their BYOD device, whether managed or unmanaged, we can ensure that any malicious attempt, i.e. repacked version of Pokémon Go, will be prevented and blocked from performing any harm.

It’s an impossible task to prevent employees from downloading the popular game on their own device, but when they have access to private information, you must be ready. Security professionals need to establish processes and technology that give them visibility into the apps installed on those devices, and the vulnerabilities and other risks associated with those apps. Even seemingly harmless apps might go over the line and could potentially put an enterprise at risk. Mobile Threat Defense simply continuously protects all your private information on any device.