Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Android

Fake Pokemon Go App On Google Play Infects Phones With Screenlocker (arstechnica.com) 48

Everytime an app gets insanely popular, vicious minds try to capitalize on the momentum -- and history suggests, Android is their most-targetted platform. So it wasn't really a big surprise when security researchers at Eset announced on Friday that at least three fake, possibly malicious Pokemon Go app have made it to Google Play, Android's marquee app store. From an Ars Technica report: Of the three, the one titled "Pokemon Go Ultimate" posed the biggest threat because it deliberately locks the screen of devices immediately after being installed. In many cases, restarting an infected phone isn't enough to unlock the screen. Infected phones can ultimately be unlocked either by removing the battery or by using the Android Device Manager. Once the screen has been unlocked and the device has restarted, the app -- which by now has the title PI Network --is removed from the device's app menu. Still, it continues to run in the background and surreptitiously clicks on ads in an attempt to generate revenue for its creators. Eset discovered two other fake Pokemon Go apps inhabiting Google Play, one named "Guide & Cheats for Pokemon Go" and the other "Install Pokemongo." Both deliver ads carrying fraudulent, scary-sounding messages that are designed to trick users into buying expensive, unnecessary services. One such message claims the device is infected with malware and prompts the user to spend money to get the malicious apps removed.
This discussion has been archived. No new comments can be posted.

Fake Pokemon Go App On Google Play Infects Phones With Screenlocker

Comments Filter:
  • by Anonymous Coward on Friday July 15, 2016 @05:30PM (#52521193)

    Android is a security disaster.

    People pretend that only those that run rooted phones and install things from untrusted sources are at risk. Once again we are shown that it doesn't matter wethet you install from the play store or not. The Android ecosystem is just full of holes.

    My question is when will Google be held liable for this trainwreck? There are specific requirements that have to be met to be able to submit an app to the play store. The apps are (supposedly) verified before being accepted. Google even reserves the right to ban certain types of apps from the store or to remotely remove them from users devices (fun fact: Google Play Services allows Google to remotely administer your device. And it runs as root, because, why not?).

    We can't keep letting Google get away with this. We can't keep pretending that Google isn't liable.

    • The apps are (supposedly) verified before being accepted.

      No, no doubt Google scans for existing threats when developers upload their apps, but Google makes no such promise about having verified apps on their store. You must be confusing Google with Apple.

      We can't keep pretending that Google isn't liable.

      Liable for what? What damage has been done? Booting into recovery mode is just one google search away. Also, Google can remotely uninstall malicious apps.

      Not only that, but users can flag and downrate such apps immediately. The system is such that apps with low ratings lose visibility in their search results. And

      • No, no doubt Google scans for existing threats when developers upload their apps, but Google makes no such promise about having verified apps on their store. You must be confusing Google with Apple.

        1. Google CANNOT be THAT incompetent. They simply aren't "scanning" squat.

        2. Apple is smart enough to not GUARANTEE no Malware. But their track record undeniably points out that whatever they are doing as far as App Approval is FAR, FAR, FAR superior to what Google is doing.

    • Android is a security disaster.

      As an android user, I'm very aware of this. That's why I use my phone primarily as a phone and sometimes a GPS navigation device. If it were lost or stolen my banking and credit card information would not be compromised. The most sensitive information that would be exposed would be my contacts and a few text messages. There aren't even any interesting photos on it. I have an actual camera for that.

      But a couple days ago I was kind of curious about this Pokemon Go thing and I almost installed it until I

    • by antdude ( 79039 )

      Apple's app stores can be the same too. Once in a while, bad apps get published. :(

    • by Rexdude ( 747457 )

      If you're dumb enough to download an app from a dodgy unverified publisher, or without reading reviews, sure, blaming Google is the sane response here. ISPs are also responsible for the content they provide access to, I presume?

    • by Sloppy ( 14984 )

      I think it just points out that the idea of a central repository doesn't make sense with proprietary software. I basically trust the Debian repo (or OpenBSD ports, etc) because there's at least a chance that someone checked the software out to see if it's intended to work for the users instead of someone else.

      With the bullshit repos from Google, Apple, etc you know they aren't auditing the software, due to one really simply fact: they can't audit it. Binaries are submitted, not source. So whatever "vetting

  • And better mice will beat a path to your doorstep.

  • Apple seems to do a MUCH better job of policing their app store than Google, which makes iPhones a far better bet for non-techies like my grandma (and yes she does have an iPhone). I know someone will come along and point out some obscure case of malware making it into Apple's store but for every one of those there are thousands that make it into the Android store. It's way, way lopsided.

    Google needs to up their game. Badly.

    • Apple seems to do a MUCH better job of policing their app store than Google, which makes iPhones a far better bet for non-techies like my grandma (and yes she does have an iPhone). I know someone will come along and point out some obscure case of malware making it into Apple's store but for every one of those there are thousands that make it into the Android store. It's way, way lopsided.

      Google needs to up their game. Badly.

      You are only partially-right. You don't have to be a "non-techie" to appreciate the advantages of Apple's App Approval process and iOS Security Model. In fact, if you ARE technical, you can actually understand and appreciate how well considered, well designed, and well executed these things are by Apple.

      But the simple fact is, Google considers Android just another one of their Data Mining Opportunities; so it devotes precious little resources to actually FIXING the GOOGOLPLEX of very serious problems with

      • You are only partially-right. You don't have to be a "non-techie" to appreciate the advantages of Apple's App Approval process and iOS Security Model. In fact, if you ARE technical, you can actually understand and appreciate how well considered, well designed, and well executed these things are by Apple.

        Because some of us technically adroit people don't want our damn phones to be the center of our technical lives. I have an iPhone for the reasons you do, because I want my phone to just work.

        • I have an iPhone for the reasons you do, because I want my phone to just work.

          Reclamation! Joy before the angels of God! The point is that it works.

          Say it, Brother Sir.

  • by wbr1 ( 2538558 ) on Friday July 15, 2016 @06:52PM (#52521563)
    Not showing up in store when I search. Looks like the system is working to me.
    • Not showing up in store when I search. Looks like the system is working to me.

      Wrong!

      If the "system" was working, these not one, not two, but THREE Malware-infested Apps would have NEVER BEEN APPROVED.

      That is, unless you are talking about the "media damage control" "system". If so, you're absolutely right...

      • by wbr1 ( 2538558 )
        It is working. The fact that there is more freedom in the google play store, and even freedom to sideload is to me a fair trade for occasional malware. The fact that normally it is gone quickly means it is working.
        • It is working. The fact that there is more freedom in the google play store, and even freedom to sideload is to me a fair trade for occasional malware. The fact that normally it is gone quickly means it is working.

          It's a fucking PHONE! Grow up.

Technology is dominated by those who manage what they do not understand.

Working...