Cyber Threats Exploiting Pokemon Go Popularity

pokemon threat up aheadLike most popular software, Pokemon Go has quickly become a magnet for cyber criminals. Within just a few days of its launch, the hottest mobile app today has already become the target of DDoS and malware attacks.

For those who have been living under a rock, Pokemon Go is an augmented reality game that runs on iOS and Android. Using the phone screen and camera as its main tools, Pokemon Go allows players to search and capture virtual critters – known as Pokemon – in the real world in real time. Once captured, Pokemons can be trained and brought into battle.

The game’s innovative use of augmented reality, which blends elements of a virtual world with the real world, has enthralled millions of users. Sadly, this extremely high level of activity also attracts individuals with malicious intent. There have been reports of players being robbed when they have wandered off to catch Pokemon or engage with other players.

Since Pokemon Go is first and foremost an app, threats are not limited to the brick-and-mortar world. There are cyber threats too. Two threats that have gained considerable attention are a DDoS attack and a malware attack.

 

DDoS attack on Pokemon Go servers

A DDoS (Distributed Denial-of-Service) attack was targeted at Pokemon Go login servers on the weekend beginning July 16. This prevented users from logging in to play the game. Two hacking groups have already claimed responsibility for the attack(s). The first group calls themselves OurMine, while the second is known as PoodleCorp. The latter was even bold enough to tweet about the event right before it happened:

 

 

While some people believe the server crashes were simply due to the overwhelming influx of users, PoodleCorp has already issued a threat that seems to imply a bigger attack on August 1:

 

 

That’s just right around the corner, so we’ll see what happens.

The folks at Niantic (Pokemon Go’s developers and publishers) have ample time to set up contingency measures, so if some considerable downtime still takes place on that date, PoodleCorp must be on to something.

 

Pokemon Go Malware

Cyber crooks are hitting Pokemon Go on both the server and client fronts. Earlier this month (July 2016), Google removed a fake Pokemon Go app known as “Pokemon Go Ultimate” after researchers at ESET flagged the malicious app.

Pokemon Go Ultimate was capable of locking your phone’s screen after starting up. The app wasn’t designed to be ransomware, but because there was no way to unlock the phone. Users were forced to remove their phone’s batteries in order to restart. The problem was, that upon rebooting, the app would continue running; this time in the background. While running, the app would simulate user clicks on porn ads in a manner similar to Hummingbad.

 

Possible impact on business cyber security

While DDoS attacks on Pokemon Go servers might have little to zero impact on business’ cyber security, the possible impacts of Pokemon Go related malware are worthy of attention. Some employees might become too enthusiastic with the game and start downloading apps or visiting websites that appear related to the game.

If those apps or websites turn out to be malicious, the phones used to download them could end up getting infected. Those phones can then be a threat as soon as they connect to your network.

Learn more about mobile threats and how to prevent them from invading your network. Contact us now.

Android Malware Hummingbad Infects Millions of Devices

hummingbad android malwareMillions of Android devices (about 10 million to be more exact) are infected by Hummingbad, a piece of malware that gains root access, installs malicious apps, and dupes users and ad networks in an elaborate fraud campaign. This is what researchers from Check Point discovered after a 5-month long study. While ad networks are currently the main victims, the level of sophistication of these attacks can potentially threaten a lot of businesses.

 

Infection and attack

Hummingbad primarily uses a drive-by download attack to infect devices. That means, your device can get infected if you happen to visit one of the attackers’ malicious websites even if you don’t intentionally download anything.

The attack consists of two main components:

  1. One that utilizes a rootkit designed to exploit a wide selection of vulnerabilities in order to ultimately gain access to the system
  2. One that’s called into play if the first component fails. This one displays a fake system update notification in order to deceive the user into granting the malware access to the system.

Even if Hummingbad fails to gain system-level access, it is still able to download several malicious apps. These apps display ad banners and force users to click on them. Because the ads actually belong to legit ad networks like Mobvista, Cheetah, the attackers are able to collect their share of the ad revenues from those clicks. It’s believed that the attackers earn about $300,000 per month from this exercise alone.

 

How Hummingbad can affect your business

The fact that Hummingbad can gain root access and install other malicious apps makes it a serious threat to enterprises. With most everyone bringing smartphones and/or tablets to work, either unofficially or through a BYOD (Bring Your Own Device) program, it’s likely that there is work-related data on their devices.

With the level of access Hummingbad is capable of acquiring, it’s not a stretch to imagine the malware operators – or even copycats – to eventually introduce features for exfiltrating sensitive information stored in the victim’s device. The stolen data can then be sold to fraudsters and identity thieves.

Attackers may also sell access capabilities similar to the way server login credentials were sold at online marketplace xDedic. Other possibilities include putting together all these compromised devices (we’re talking millions) into botnets or using some of them to carry out targeted attacks on people with sensitive positions (e.g. system admins or C-level executives).

Any of these attacks can cause considerable harm to your organization.

While most of the victims are located in Asia, Android users in the United States haven’t been spared completely, with about 286,800 victims in the US.

 

Upgrading to the latest version mitigates the risk of infection

According to the study, a combined 90% of all infected devices were running on Jelly Bean (40%) and Kitkat (50%). These are old Android versions that were first released in July 2012 and October 2013, respectively. By comparison, only 1% of those infected were running Marshmallow, the latest version.

This underlines the importance of upgrading to the latest version. Upgrades may include security updates designed to patch known vulnerabilities. Such updates are especially critical in devices running the Android OS, where vulnerabilities abound. Early this month alone (July 2016), Google released its largest ever security update for Android. That single update addressed an astounding 108 vulnerabilities.

For more information about this malware and how to avoid getting infected, contact us now.