
Pokemon GO: Ransomware Installed Via Game To Hack Your Accounts

Michael Gillespie, a security researcher, discovered a Pokemon GO ransomware and delivered this news via Twitter.

Pokemon GO has been out for only a little over a month. However, reports of
possible viruses and malware injected into the game have littered the internet
since its release. During its initial release, several sites were offering cracked APK
versions of the game for Android phones. Some contained malware, while others were
similar to the official app that was released. IPA files for devices running Apple’s iOS
did not escape the “cracking” either, as cracked IPA files were also uploaded to
the web. These were installed on jailbroken iDevices.

Gillespie sent out a tweet just before the weekend, on August 12. He said that the
ransomware is still in the works. However, judging by the code the hackers are
using to create this ransomware, it is designed to spread and infect other drives.

“#HiddenTear #Ransomware masked as @PokemonGoApp, sad Pikachu included. Note جدا هام.txt: https://t.co/UcoHYblx7g pic.twitter.com/xXO8f8nTZs”
Michael Gillespie (@demonslay335), August 12, 2016: https://twitter.com/demonslay335/status/764149745635905536

Sources note that the app is disguised under the filename “PokemonGo.exe”, with a sad
Pikachu as its icon. Bleeping Computer's analysis shows that the ransomware may be the
first of its kind, as it creates a “backdoor Windows account”. This means that the hacker,
or whoever is sending this out, will have access to your files and your computer, no less.

What is scary about this is that any unsuspecting person could be spreading this
ransomware. Once the ransomware is on your computer, any USB, phone or other
removable drive you insert will be infected. When that infected drive is inserted into
another computer or device, that device will also be infected.

It was noted that it is targeted at Arabic “victims”, as the ransom note is written in Arabic.
The note was decrypted by Lawrence Abrams of Bleeping Computer.

The content of this ransom note is:


(: ‫ تشفير تم لقد‬،‫التالي للعنوان موبيليس فلكسي الشفرة لفك ملفاتكم‬
me.blackhat20152015@mt2015.com ‫مسبقا كرمكم على وشكرا‬

The English translation is:

( : Your files have been encrypted , decoding Falaksa Mobilis following address
me.blackhat20152015@mt2015.com and thank you in advance for your generosity

From this, it is advised that you be wary of which Pokemon GO app you
download online. Do not download from unknown or untrusted sites.
