Malicious Pokemon Application Roots, Compromises Mobile Phones

An application, fake and destructive, which claims to show the way to access 'Pokemon GO,' made its place inside Google Play's market and after getting loaded onto Android devices, the malware-tainted application enabled attackers to gain root admission into them.

In a research about the discovery recently by Senior Malware Analyst Roman Unuchek of the Global Research and Analysis Team at Kaspersky Lab, the application is described as really a Trojan carrying one very nasty code which digs deep into unwitting owners' mobile phones.

Kaspersky states, all the telemetry data that the security company's anti-malware products produced discovered that the malware infected the phones of a minimum 6,000 owners with its creator gaining control over those devices. It was found that there were over 500,000 attempts to download the application prior to Kaspersky informing Google about the rogue app and Google then erasing it from the Google Play marketplace.

The Trojan's author quite certainly is exploiting the popularities of the Play Store's games and applications by bundling his malware inside additional 'side' application copycats. These copycat products were nine in all, with most of them loaded over 10,000 times; however, a particular product got downloaded more than 100,000 times. Softpedia.com posted this, September 14, 2016.

And, whilst the aforementioned downloads take place the Trojan transmits all information regarding the device so one fresh owner is victimized after which it waits for the server to issue it commands. The server issues the command twice, a tactic to dupe security analysts.

The command from the CnC server includes one JSON file having a few web-links that the Trojan pursues resulting in several files to get pulled down on the contaminated mobile-phone.

Unuchek states the rogue application's intended targets were mobile owners speaking English; however, its victims largely turned out to be from Indonesia, India and Russia. Google Play descried the application as certain guide containing many 'tricks' and 'tips' for widely played games.

Unfortunately, despite the application not being there on the Store any more, still one-half million users are susceptible to infection; therefore, Kaspersky hopes the announcement about it will induce potential victims for taking appropriate action.

» SPAMfighter News - 9/20/2016