Pokemon Go, the smartphone game developed by Niantic Labs and Nintendo has created huge interest around the world. The game which was initially made available only in US, Australia, and New Zealand, has been downloaded by smartphone users in other parts of the world via APK files and other tricks.
How To Protect Your Phone From Pokemon GO scams and malware
It is currently the number 1 free app on App Store in the US, and has been installed on twice as many Android devices as Tinder. Some reports indicate that Pokemon Go daily active users were nearly as big as Twitters.
With so much activity happening around a single mobile game, cybercriminals have taken note of the hype and created various scams and Trojans that are reportedly infecting the devices.
1. Free PokeCoin scams: Pokemon Go is a free app, but Niantic makes money when users spend real money to buy a virtual currency called PokeCoins. Pokemon Go players can spend PokeCoins on items such as eggs to hatch rare Pokemon or incense to lure Pokemon to their location.
Cyber criminals have created surveys offering free PokeCoins. Once the user clicks on the scam site, they are asked for their Pokemon Go username and the amount of coins they want.
These scam sites then require users to go through a verification process, which includes completing a survey form, installing few applications or signing up for additional services. While user data doesn’t seem to be getting compromised here, the scammers do benefit via an affiliate program. Security firm Symantec reports few thousand users have already clicked on these links.
2. Trojanised Pokemon Go apps: The biggest known threat is the unofficial Pokemon Go app which has been downloaded extensively. With Pokemon Go being available only in just five countries, enthusiasts elsewhere are looking for ways to download the app and catch Pokemon.
Symantec reports malware authors are circulating a remote access location as Pokemon Go. Once installed, the app looks legitimate with Pokemon Go login screen but ends up giving complete access to the phone.
3. Pokemon Go cheaters: A good game is incomplete without cheat codes. Pokemon Go players have been found cheating to catch Pokemon on the go.
According to reports, users have been found spoofing GPS location data, sticking their mobile device to toy trains, dogs, ceiling fans or even drones to trick the app to thing the user is moving. It seems Niantic anticipated this kind of move and has been imposing hour-long bans.
While this might not be a threat, malware authors could offer GPS spoofing tools and with remote location Trojans programs to gain control to a device.
4. Permissions and Privacy scare: Since the day of its launch, Niantic has been the subject of a privacy scare. The initial app permissions page suggested Pokemon Go getting full access to Google accounts. However, Niantic quickly replied by stating it had access to only basic information and has updated the app since then.
Since Pokemon Go uses GPS and camera of a smartphone for real-time mapping, it could end up being the latest repository of mapping data. Symantec believes Niantic’s launch of Bluetooth LE wearable device might risk users’ location data. Wearable devices with the ability to track users have been susceptible to the data leak.
Steps to protect one from Pokemon GO scams and malware:
1. Avoid fake Pokemon Go apps: It is highly advisable to wait for the official app to launch in your country. Avoid downloading Pokemon Go variants from third-party sources.
2. Install the updated version of Pokemon Go app, which removes the request for full access to Google account.
3. Avoid using game-cheating tools circulated on social media platforms.
4. Use strong passwords for Pokemon Go account.
5. Update your smartphone’s firmware to prevent fraudulent attacks.