Have you downloaded a Pokemon Go guide app in the last few months? It’s possible that you downloaded devastating malware.
A popular Pokemon Go guide app with around half a million downloads was recently caught infecting Android devices with malware. The infection was discovered by researchers at Kaspersky Lab. The app, which went by the generic name Guide for Pokemon Go, was widely available on the Google Play Store but has since been taken down.
According to Kaspersky's blog post, the app used multiple layers of obfuscation to slip past the malware scanning Google Play runs on submitted apps.
One of its key evasion techniques is that the malicious module it carries doesn't execute immediately: instead, the app waits until the user installs or uninstalls another application. That is a check that it is running on a real device in ordinary use, not in the emulated sandbox environments that researchers and app-store scanners use to test apps for malicious behaviour, where no such activity happens.
Even after it has decided it's on a real device, it waits a further two hours before launching the malicious module, long past the point at which an automated analysis run would normally have finished. The module then connects to a remote server and sends device-specific data (such as the device model and OS version), and the server responds by instructing the module to download exploits matched to the vulnerabilities present on that particular device.
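A quick way to triage a decoded APK for the trigger described in the two paragraphs above is to look for the pieces it needs: a broadcast receiver for package install/uninstall events plus network access. The script below is an added example, not code from Kaspersky or from the app itself; the sample manifests and package names are constructed, and the "package-event receiver plus INTERNET permission" rule is a triage heuristic assumed here for illustration, not a published signature.

```python
"""Static triage for the dormant-trigger pattern described above.

Added example, not Kaspersky's detection logic. Assumptions:
- input is a decoded, plain-text AndroidManifest.xml (what apktool produces);
- an app that (a) declares a receiver for PACKAGE_ADDED / PACKAGE_REMOVED /
  PACKAGE_REPLACED and (b) requests INTERNET has the minimum it needs to
  wait for another app's install or uninstall and then phone home.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS  # how ElementTree spells the android:name attribute

PACKAGE_EVENTS = {
    "android.intent.action.PACKAGE_ADDED",
    "android.intent.action.PACKAGE_REMOVED",
    "android.intent.action.PACKAGE_REPLACED",
}


def package_event_receivers(manifest_xml: str) -> dict:
    """Map each declared receiver class to the package-lifecycle actions it filters on."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    hits = {}
    if app is None:
        return hits
    for receiver in app.findall("receiver"):
        actions = {
            action.get(NAME)
            for flt in receiver.findall("intent-filter")
            for action in flt.findall("action")
        }
        matched = actions & PACKAGE_EVENTS
        if matched:
            hits[receiver.get(NAME)] = matched
    return hits


def requested_permissions(manifest_xml: str) -> set:
    """All <uses-permission> names declared at manifest top level."""
    root = ET.fromstring(manifest_xml)
    return {p.get(NAME) for p in root.findall("uses-permission")}


def triage(manifest_xml: str) -> dict:
    """Flag the combination: listens for package events AND can reach the network."""
    receivers = package_event_receivers(manifest_xml)
    has_internet = "android.permission.INTERNET" in requested_permissions(manifest_xml)
    return {
        "package_event_receivers": receivers,
        "internet": has_internet,
        "suspicious": bool(receivers) and has_internet,
    }


# Constructed sample manifests (hypothetical package names, not the real app's).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.pokeguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Guide">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".InstallWatcher">
      <intent-filter>
        <action android:name="android.intent.action.PACKAGE_ADDED"/>
        <action android:name="android.intent.action.PACKAGE_REMOVED"/>
        <data android:scheme="package"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.offlineguide">
  <application android:label="Guide">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage(manifest))
```

Treat a hit as a reason to look closer, not a verdict: launchers, app managers and security products legitimately watch package events. Two caveats matter in practice. The two-hour delay and the server exchange are not visible in a manifest at all, which is why a dynamic sandbox has to simulate package installs and keep the sample alive for hours to see them. And on Android 8.0 and later a manifest-declared receiver no longer receives PACKAGE_ADDED or PACKAGE_REMOVED broadcasts, so a modern sample would register the receiver at runtime and this manifest-only check would miss it.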