Pokemon Go Players at Risk From Hackers

Pokemon go hackers cybersecurity malware
The augmented reality mobile game "Pokemon Go" by Nintendo is shown on a smartphone screen in this photo illustration taken in Palm Springs, California U.S. July 11, 2016. REUTERS/Sam Mircovich

The success of the Pokémon Go app could be putting millions at risk of hackers and other criminals, security experts have warned.

Less than one week after launch, Pokémon Go has proved extremely popular around the world. According to data from SimilarWeb, the app has surpassed the dating app Tinder in terms of U.S. downloads on Android smartphones.

The game—which uses a device’s location to allow players to find and capture Pokémon characters in various places—has only officially launched in the U.S., Australia and New Zealand, however workarounds are available to allow users to install it in other countries.

“Had Pokémon Go been released globally (since people everywhere are playing it), no one would have felt the need to visit third party sites,” Tyler Reguly, manager of software development at Tripwire, told Newsweek . “The websites hosting this content are often plagued by drive-by attacks and malware, incorporating this into the actual download is a logical expansion.”

Reguly suggests that Pokémon Go’s popularity is such that many people would knowingly install malware in order to get hold of the game, rather than wait for an official release.

pokemon go security android malware Figures from SimilarWeb show that Pokémon Go has already been installed on 5.16 percent of Android smartphones in the U.S., compared to Tinder's 2 percent. SimilarWeb

Some rogue versions of the app may contain malware that allows criminals to take full control of an Android smartphone through a security backdoor called DroidJack, other experts have warned.

“DroidJack gives attackers complete access to mobile devices, including user text messaging, GPS data, phone calls, camera—and any business network resources the access,” says Kevin Epstein, a vice president at network security firm Proofpoint.

“Even though this malicious app has not been observed in the wild, it represents an important proof of concept: namely that cybercriminals can take advantage of the popularity of applications like Pokémon Go to trick users into installing malware on their device.”

The app’s success has also caught the attention of real-world criminals, with police in Missouri warning that armed robbers were targeting punters hunting for Pokémon. According to police, criminals are lying in wait in certain locations popular in the game for offering bonuses.

“It is believed these suspects targeted their victims through the Pokémon Go smartphone application,” a post on the police force’s Facebook page alerted the public.

“If you use this app (or other similar type apps) or have children that do we ask you to please use caution when alerting strangers of your future location.”