These malicious apps are capable of locking the victim's device.
With the smartphone-based reality game Pokémon GO gaining popularity, cyber security sleuths have issued an alert against some fake and malicious apps prowling in the Indian web space which can seriously compromise an individual's phone.
"It has been observed that fake Pokémon GO malicious apps are available on third party websites for download. There are various fake versions of the app available. All of them are pretending to be the genuine version of the Pokemon Go app and allow users to access up to level five in the game.
"Some fake versions of Pokémon GO are lockscreen apps, some are embedded with malicious Remote Access Tool (RAT) called as Droidjack for Android," the Computer Emergency Response Team of India (CERT-In) said in its latest advisory to the users of the popular game which hit the online gaming world recently.
CERT-In is the nodal agency to combat hacking, phishing and to fortify security-related defences of the Indian Internet domain.
Pokémon GO is a location-based augmented and outdoor reality game for iOS and Android supported devices and numerous freak accidents have been reported from across the globe where indulgent users lost track and suffered injuries.
The agency has detected at least three aliases or fakes of the original game that are available in the cyberspace and have identified them as 'Pokémon GO Ultimate', 'Guide & Cheats for Pokémon GO' and 'Install Pokemongo'.
"These apps are capable of locking the victim's device. Forced reboot is required to come out of the locked screen. After successful reboot of the device, the app keeps on running itself in background and make network connections to various add sites which give fake messages and entice users to download other side-loaded (doubtful) apps," the advisory said.
The fake apps, the agency said, are also capable of performing unwanted and malicious activity on a user's phone like giving full access of the victim's Android device to the attacker, installing various side-loaded apps along with the installation of Pokémon GO and install the App with more than the required permissions.
"If compromised device is connected to corporate network, it may pose risk to the whole network also," the advisory warned.
It has asked users not to click on banners, popups or ad notifications, or downloading and installing applications from untrusted sources.
Also, careful reading of the apps' terms and conditions and specific permissions required by it before installing is a must, besides running a full system scan on device with mobile security solution or mobile anti-virus software.
Some other combat measures include installing Android updates and patches as and when available from Android device vendors, keeping an eye on data usage (application wise usage also) and unusual increase in mobile bills.
They have also suggested avoiding usage of unsecured, unknown Wi-Fi networks and making it a diligent practice of taking regular backup of the Android device.
