FAKE PC APP CLAIMS TO BE POKEMON BUT IS ACTUALLY RANSOMWARE
A new type of ransomware is impersonating Pokemon Go to gain access to users’ computers and con them out of their cash. Researcher Michael Gillespie uncovered the malware, which uses the popular game’s name and a Pikachu logo to lure users into infecting their Windows PCs.
Once active, it encrypts common file types, as regular ransomware does, and displays a message in Arabic asking users to send an email to get payment details.
But from there it also shows some extra functionality, creating a backdoor Windows account and network shares and copying its executable file to other drives.
“Most ransomware typically do not want to leave any traces behind other than the ransom notes,” wrote Bleeping Computer’s Lawrence Abrams in his analysis.
“The Pokemon Go ransomware acts a little differently as it creates a backdoor account in Windows so that the developer can gain access to a victim’s computer at a later date.”
When the ransomware copies itself to removable drives, it also creates a file that causes it to run automatically when the drive is inserted into a computer.
Analysts say the ransomware shows signs it is still in development, so it could have even more features by the time it sees a full release.
Ransomware is big business for cyber criminals. Recent analysis of the Cerber ransomware as a service (RaaS) offering showed that its current active campaigns could be worth as much as $2.3 million (£1.8 million).