New Delhi: With the smartphone-based reality game Pokemon Go gaining popularity, cyber security sleuths have issued an alert against some fake and malicious apps prowling in the Indian web space which can seriously compromise an individual’s phone.
“It has been observed that fake Pokemon Go malicious apps are available on third party websites for download. There are various fake versions of the app available. All of them are pretending to be the genuine version of the Pokemon Go app and allow users to access up to level 5 in the game.
“Some fake versions of Pokemon Go are lockscreen apps, some are embedded with malicious Remote Access Tool (RAT) called as Droidjack for Android,” the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to the users of the popular game which hit the online gaming world recently.
CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain. Pokemon Go is a location-based augmented and outdoor reality game for iOS and Android supported devices and numerous freak accidents have been reported from across the globe where indulgent users lost track and suffered injuries.
The agency has detected at least three aliases or fakes of the original game that are available in the cyberspace and have identified them as ‘Pokemon GO Ultimate’, ‘Guide & Cheats for Pokemon Go’ and ‘Install Pokemongo’.
“These apps are capable of locking the victim device. Forced reboot is required to come out of the locked screen. After successful reboot of the device, the app keeps on running itself in background and make network connections to various add sites which give fake messages and entice users to download other side-loaded (doubtful) apps,” the advisory said.
The fake apps, the agency said, are also capable of performing unwanted and malicious activity on a user’s phone like giving full access of the victim’s Android device to the attacker, installing various side-loaded apps along with the installation of Pokemon Go and install the App with more than the required permissions.
“If compromised device is connected to corporate network, it may pose risk to the whole network also,” the advisory warned. .