A suspicious app named Guide for Pokemon Go, which pretends to be a guide with professional tips for players of the widely used Pokemon Go app, has been found to install ad-supported applications and even root the devices it affects.
The ad-supported application has somehow managed to slip into the Google Play Store, bypassing its security checks. Users began downloading the app, and the number who installed it on their Android devices was not small either: more than 500 000 downloads.
Researchers from Kaspersky claim that more than 6000 users who downloaded the app were victims of unauthorized root access to their devices.
Another Similar App Delivers The Same Malware
In addition, there was another, similar application, more importantly an actual mobile Trojan horse, that managed to infect users. Since the Trojan is the same, malware researchers believe that the very same malware developer is behind both attacks.
The other app was not as widespread as this one; after being installed on approximately 10000 Android devices, it was detected and removed.
Malware Analysis Results
According to malware researchers at Kaspersky, the application, which they dubbed Trojan.AndroidOS.Ztorg.ad, is reported to be a sophisticated virus of the ad-supported type. The virus was developed in a way that makes analysis difficult, and the researchers also report multiple difficulties while trying to reverse engineer it and see exactly what it does.
From what is known so far, the Pokemon Go Guide virus uses an app that was made to obfuscate code by encrypting it and hence hide its activity. In addition, after an infection has commenced, the virus does not necessarily contact its command and control servers.
The Pokemon Go virus is also intelligent. It will not install itself unless it detects a manual action from the user, such as installing an app on the SD memory, which it uses to confirm that the app is not installed on a virtual machine.
Getting Rid of Guide for Pokemon Go App
The bottom line for this application is that even though it was in fact detected and blocked by the Google Play security team, many users have downloaded it. So if you have it, we strongly advise you to follow the instructions below and reset your Android device to get rid of this program.