what-could-pokemon-go-wrong

What Could (Pokémon) Go Wrong?

14 Jul 2016 by Insight Partner Blog

If you’re like me, your Facebook feed (and Twitter, Instagram, Vine, etc) has probably been bombarded with all things Pokémon these last few days.  If you’re wondering why, it’s due to Nintendo’s launch of Pokémon Go for Android and iOS on July 7.  For the uninitiated, Pokémon Go puts the player in the role of a Pokémon trainer, traveling the world to find new Pokémon (a Japanese shortening of “pocket monster”) to capture.  Unlike previous versions of this extremely popular game (the last 2 Pokémon games sold over 25 million copies), this version is an “augmented reality” app that is an overlay on top of Google Maps.  Instead of using a controller to move your character around in the game, you move your character around by moving in real life.  See a Pokémon down the street from your house?  Take a walk and go get it!  It’s a great way to get people to get out and get active, but sometimes people can become too focused on watching the screen to notice the world around them as they track down a new Pokémon to battle.

Real World Dangers

Unfortunately, it’s not only players that have taken notice of the popularity of Pokémon Go.  Less than 2 days after the launch on iOS, Police in Missouri stated they have an ongoing investigation into a series of armed robberies in which the robbers placed an in-game beacon to lure unsuspecting players into an out of the way area in order to rob them at gunpoint.  The police indicated there were multiple armed robberies in St. Louis and St. Charles using this technique. Virtual lures for real world victims!  It can also lead to more traditional crimes.  While talking about this with a friend, he informed me that one of his acquaintances was mugged while walking around in southern California at 10pm on launch night.   Luckily it only cost him his phone and wallet.

Malware-Infested Clones

Typically, a game will launch on different dates across the globe.  This is typically done to help reduce the launch day impact to the game’s servers.  Pokémon Go followed this approach with the game not being available in all app stores on day one.  Malware writers were very quick to take advantage of this and a malware infested clone of the game were found floating around the internet.  This infected version of the game can do anything from stealing SMS messages, call logs, contact lists, browser history, geolocation, and installed apps to executing commands remotely to take pictures, record video, record calls, or send an SMS message.

SandroRAT_Premissions

McAfee Labs has a write up of this on their blog for a more in-depth explanation of the malware.  This version of the game has been found on 3rd party app stores and for download from various websites.

How to Be a Safe Pokémon Trainer

I love the idea of a great game like Pokémon Go getting people to go outside and be more active.  Even just a little exercise can make a huge difference in your life, so of course I would never tell people to not play this game (I’d be a hypocrite if I did).  However, there are a few things to keep in the forefront of your mind as you or your loved ones play this game.

  1. Be aware of your surroundings. People have a tendency to stare at their screens while walking around, which can lead to some very dangerous situations.  When I lived in Tokyo, I
    regularly saw people running into each other (and sometimes objects) while staring at their screen.  Add in the fun of tracking down a new Pokémon and the distraction becomes even greater.  Keep a constant eye on your surroundings.  Don’t go places alone to catch a Pokémon that you wouldn’t normally go.  The loading screen actually cautions you to stay aware.  Follow that advice!
  2. Watch for counterfeit apps! As we saw from the McAfee Labs write up, there are already malicious versions of the apps in circulation.  Avoid these by staying on well-known app stores.
  3. Don’t cheat! A common tactic around popular games is to create cheat apps or websites that promise to give you extra in-game currency or unlock hidden characters.  Often these sites or apps are riddled with malware and/or will collect your contact information for nefarious use.  The time you save using one of these cheat apps may cost you!
  4. Install security software. If you do end up downloading some form of infected version of the app, having anti-virus software on your mobile device can keep it from stealing your information or compromising your device.

Pokémon Go has the potential to help people get out, socialise and get more exercise.  Like anything good, there will be people out there who try to take advantage of this for their own gain.  Using a bit of common sense can keep you safe and help you enjoy this great game.


What Could (Pokémon) Go Wrong?, by Bruce Snell, originally appeared on the Intel Security Blog.