A new type of ransomware is impersonating Pokemon Go to gain access to users’ computers and con them out of their cash. Researcher Michael Gillespie uncovered the malware, which uses the popular game’s name and a Pikachu logo to lure users into infecting their Windows PCs.

Once active, it encrypts common file types, as regular ransomware does, and displays a message in Arabic asking users to send an email to get payment details.

But from there it also shows some extra functionality, creating a backdoor Windows account and network shares and copying its executable file to other drives.

“Most ransomware typically do not want to leave any traces behind other than the ransom notes,” wrote Bleeping Computer’s Lawrence Abrams in his analysis.

“The Pokemon Go ransomware acts a little differently as it creates a backdoor account in Windows so that the developer can gain access to a victim’s computer at a later date.”

When the ransomware copies itself to removable drives, it also creates a file that causes the ransomware to run automatically when the drive is inserted into a computer.
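One way to hunt for the account and share creation described above, as an added example rather than code from the researchers' analysis: it pairs Windows Security events 4720 (user account created) and 5142 (network share added) raised on the same host within a few minutes. The records, host names and account names are constructed, and matching on one logon session is an assumption about how the malware runs; both events are only logged when the corresponding audit policies are enabled.

```python
from datetime import datetime, timedelta

ACCOUNT_CREATED = 4720  # Security log: a user account was created
SHARE_ADDED = 5142      # Security log: a network share object was added

# Constructed sample records (not from a real incident). Keys mirror the
# EventData fields of the two Security events.
EVENTS = [
    {"host": "PC-01", "time": "2024-01-01T10:02:11", "id": 4720,
     "SubjectLogonId": "0x3e7a1", "TargetUserName": "svc-example"},
    {"host": "PC-01", "time": "2024-01-01T10:02:14", "id": 5142,
     "SubjectLogonId": "0x3e7a1", "ShareLocalPath": "C:\\"},
    # Benign pair: different sessions, hours apart.
    {"host": "PC-02", "time": "2024-01-01T09:00:00", "id": 4720,
     "SubjectLogonId": "0x11111", "TargetUserName": "new-hire"},
    {"host": "PC-02", "time": "2024-01-01T15:30:00", "id": 5142,
     "SubjectLogonId": "0x22222", "ShareLocalPath": "D:\\Reports"},
]


def correlate(events, window=timedelta(minutes=5)):
    """Return (host, new_account, shared_path) for every account creation
    that has a share creation in the same logon session on the same host
    within `window`, in either order."""
    accounts = [e for e in events if e["id"] == ACCOUNT_CREATED]
    shares = [e for e in events if e["id"] == SHARE_ADDED]
    hits = []
    for acct in sorted(accounts, key=lambda e: e["time"]):
        t_acct = datetime.fromisoformat(acct["time"])
        for share in shares:
            same_session = (
                share["host"] == acct["host"]
                and share["SubjectLogonId"] == acct["SubjectLogonId"]
            )
            gap = abs(datetime.fromisoformat(share["time"]) - t_acct)
            if same_session and gap <= window:
                hits.append(
                    (acct["host"], acct["TargetUserName"], share["ShareLocalPath"])
                )
    return hits


if __name__ == "__main__":
    for host, account, path in correlate(EVENTS):
        print(f"{host}: account '{account}' and share of {path} created together")
```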

Analysts say the ransomware shows signs it is still in development, so it could have even more features by the time it sees a full release.

Ransomware is big business for cyber criminals. Recent analysis of the Cerber ransomware-as-a-service (RaaS) offering showed that its current active campaigns could be worth as much as $2.3 million (£1.8 million).
