The Computer Emergency Response Team of India (CERT-In), the country's top cybersecurity organisation, has warned smartphone users against fake and malicious Pokemon Go apps prowling in the indian web space which can not only compromise their phones' safety, but entire corporate networks.
ALSO READ: 5 games that are as addictive as Pokemon Go
In its latest advisory, CERT-In has warned that some Pokemon malicious apps are available on third-party websites for download. all of them are pretending to be the genuine version of the app and allow users to access up to level 5 in the game.
Some fake versions of Pokemon are lockscreen apps, some embedded with malicious remote access tool (RAT) called as Droidjack for Android, CERT-In said to users of the popular augmented-reality game, which has exploded in the online gaming world.
Nodal agency to combat hacking, phishing and to fortify security-related defence of the indian internet domain. the agency has detected, at least, three aliases or fakes of the original game available in the cyberspace and has identified them as 'Pokemon go ultimate', 'guide & cheats for Pokemon go' and 'install PokemonGo'. These apps are capable of locking the victim device. forced reboot is required to come out of the locked screen.
After successful reboot of the device, the app keeps on running itself in background and make network connections to various add sites which give fake messages and entice users to download other side-loaded (doubtful) apps, the advisory said. The CERT-In advisory states that the fake apps are also capable of performing unwanted and malicious giving full access of the victim's Android device to the attacker, installing various side-loaded apps along with the installation of Pokemon and install the app with more than the required permissions. If the compromised device is connected to a corporate network, it may pose risk to the whole network as well, the advisory warned.
CERT-In has suggested certain countermeasures and asked users not to click on banners, pop-ups or ad notifications, or downloading and installing applications from untrusted sources. Careful reading of the app's terms and conditions and specific permissions required by it before installing is a must besides running a full-system scan on device with mobile security solution or mobile antivirus software.
Some other combat measures include installing Android updates and patches as and when available from Android device vendors keeping an eye on data usage (application wise usage also) and unusual increase in mobile bills.
CERT-In has also suggested avoiding usage of unsecured, unknown wi-fi networks and making it a diligent practice of taking regular back-up of the Android device.