Published on September 9th, 2016 | by admin
30% of all Pokemon GO social media accounts are fraudulent, hyperlinks to trojans
The announcement yesterday morning that Pokemon Go is coming to the Apple Watch will make die-hard fans (and Nintendo shareholders) happy. The app will arrive before the end of the year and will track distance walked and alert gamers when they are near a PokeStop. Gamers without an Apple Watch won’t need to fret as the Pokémon Go Plus wristband accessory with the similar function will come out next week.
Downloaded more than 500 million times in two months, Pokemon Go is not a problem. More problematic, however, is the prevalence of potentially risky social media pages related to Pokémon GO.
Proofpoint researchers identified 543 social media accounts related to Pokémon GO across Facebook, Twitter, and Tumblr. Of these, 167 – over 30% – were fraudulent.
- 44 accounts had links to download files, many purporting to be Pokémon GO, game guides, etc.
- 79 were imposter accounts
- 21 accounts promised “free giveaways”
Accounts with downloads affected both mobile and desktop platforms and delivered adware, malware, and software other than the one advertised.
Power ups, guides, and walkthroughs are all common and easy ways to draw users’ attention as these are compelling tools that help players in the game.
“Pokémon GO and the apps and social media accounts it has spawned are just the latest examples of viral phenomena that introduce serious risks for individuals and organizations. The bad guys are always looking for a way in and popular apps like Pokémon GO or big events like the Rio Olympics can open the door to a variety of threats,” said Dave Jevans, Vice President, Mobile Security.“The developers of Pokémon GO may have fixed the privacy issues with the game, but it’s much more difficult to deal with related apps and social media accounts over which they have little or no control. When employees or other users of devices that make their way onto corporate networks go looking for the latest cheats or fan information, too often they get more than they bargained for.”
For example, the fraudulent Facebook page below links users to a download of the Downware Trojan:
Mobile and social threats combine in another example in which a fraudulent Facebook page leads users to Android malware:
This is a problem because Pokémon GO has been downloaded more than 500 million times already! And gamers are trying to get the best leverage for their journey — especially as we know levelling past 20 is a PITA.
At the same time, the 167 fraudulent social media accounts are the tip of the iceberg in terms of the risks, scams, and malware that face users as they search for tips, level ups, and other ways to gain advantage in the game.
A more detailed summary about this topic can also be found here.