"There's no surprise that an app as popular as Pokemon Go has spawned associated malware," said Tim Erlin, senior director of IT security and risk strategy for Tripwire.
Unless you've been shipwrecked on a deserted island for the past few months, you've quite likely heard about Pokemon Go. A popular and free video game which interfaces with real-world locations and allows users to find virtual creatures around town (and elsewhere), Pokemon Go has had its share of ups and downs in the press. While the game itself is benign and has been praised for getting people out and about (exercise counts in any form, after all), there have been some mishaps as well. While immersed in the game people have seen and reported fires, crashed cars, trespassed, gotten robbed, fallen off cliffs, found bodies, suffered assaults, and more.
Unfortunately, the list of Pokemon Go-related misfortunes has grown a little longer. Recently, at least 6,000 phones were infected by a Trojan disguised in a Pokemon Go guide. The issue was reported by the anti-virus organization Kaspersky Labs, which stated the malware "doesn't start as soon as the victim launches the app. Instead, it waits for the user to install or uninstall another app, and then checks to see whether that app runs on a real device or on a virtual machine."
If the device is actually a phone, the malware will then wait for a period of time (a couple of hours, for example) before communicating with a server and then only proceed to wreak havoc after getting remote instructions. There is some intelligence behind this. As tech writer Patrick Goss explained in an article, "this approach means that the control server can stop the attack from proceeding if it wants to - skipping those users it does not wish to target, or those which it suspects are a sandbox/virtual machine, for example. This provides an additional layer of protection for the malware." After all, there is little point in negatively impacting a virtual system not likely to contain any valuable data.
According to Tim Erlin, senior director of IT security and risk strategy for Tripwire, "There's no surprise that an app as popular as Pokemon Go has spawned associated malware. Any time we see a large event or significant trend in technology, cybercriminals do their best to take advantage of it."
I discussed the topic further with Mr. Erlin:
TR: What sort of havoc could this malware wreak on a phone?
Erlin: "Mobile malware is generally interested in stealing data that can be sold for profit. We've seen malware that's aimed specifically at compromising bank details, but other personal information is also a valuable commodity."
TR: What do you recommend users do BEFORE installing apps?
Erlin: "Consumers should protect themselves by avoiding third-party app stores that don't offer the same protections around available apps. Even within the well protected app stores, caution is well-advised. Maybe don't be the first, or even the hundredth, person to download that app.
The app stores also provide information about the author, downloads and ratings. A well-rated app, with a large number of downloads and good reviews is a better bet, but not foolproof. There's no harm in doing a quick web search for more information about the app or the author. Ultimately, your decision to install or not install is going to be based on suspicion of risk."
TR: Any other words of wisdom for IT professionals, parents, and anyone else whose job it is to protect/remediate other people's mobile devices?
Erlin: "The less you install, the less risk you have."
Some other tips to help protect mobile users:
- It's a good idea to keep tabs on running processes, data consumption and device performance, since these can provide clues which might warn you that malware is present and working behind the scenes. While frequent crashing or device errors isn't necessarily a "smoking gun" (it could just represent a flaky operating system or unreliable app), these could also serve as indicators of malware.
- Keeping the operating system and applications updated, not storing confidential data or passwords on a device, and using different passwords for different apps is also a good idea to cut down on risk. Utilizing encryption of storage devices also makes sense.
- Anti-malware software should be considered a must-have for any devices which store or access confidential data, especially for business purposes.
- Avoid the use of free public wi-fi when conducting business or security-sensitive operations. Private data may potentially be exposed to malicious users eavesdropping on this traffic.
- Jailbreaking or rooting phones may be a way of life for tech enthusiasts and individuals focused on personal choice. However, it can also expose a phone to risk and allow malicious apps to access personal data.
- IT departments should consider the use of Mobile Device Management (MDM) solutions which can help aid in device administration, as well as malware detection/remediation. However, keep in mind MDM solutions can also be exploited to deliver malware to users, so these products should also be kept secure, updated and accessible only by authorized personnel.
VMware releases AirWatch Express to simplify MDM efforts for SMBs
How to create and deploy an MDM blacklist with Miradore
Infographic: Businesses are more concerned about security of mobile devices and employee data than cyberwarfare
How your business can make money on Pokemon Go
How to remove your business location from Pokemon Go