Several "Pokemon Go" players are complaining about annoying spam in the game that directs them to various malicious websites. Called Hidden-Tear, the new strain of ransomware is disguising as a "Pokemon Go" app for Windows.
Niantic launched "Pokemon Go" early in July 2016 while researchers discovered a malicious version of the app on a file repository service. The backdoor model of "Pokemon Go" was reportedly being used by hackers to allow SMS spam messages that entice players to visit different malicious websites.
Thousands of SMS messages were allegedly forwarded to North American users, claiming to give users more features if they brought in 10 more of their contacts. The site copied the actual "Pokemon Go" website, but has since been removed.
ThreatPost revealed that the "Pokemon Go" scams arrived after news surfaced that a new strain of ransomware, called Hidden-Tear, has been masquerading as a "Pokemon Go" app for Windows. The ransomware encrypts files attaches ".locked" to the end of files and uses AES encryption.
Hidden-Tear is unique from other types of ransomware because it installs a backdoor Windows account and distributes the executable to other drives, which results to new network shares being created. Hidden-Tear allegedly targets Arabic users in particular. An Arabic ransom note screensaver appears with a picture of Pikachu after the ransomware infects its targets. The target's desktop also shows the ransom note "Very important.txt" in Arabic.
There are similar scams that also used the same approach in "Pokemon Go." One campaign claimed to offer targets thousands of the in-game currency Pokecoin when players collect 100 points. The messages reportedly contained Google shortened URLs that resulted to spam sites that may or may not be related to "Pokemon Go."
Other sites promised to award "Pokemon Go" players with Pokecoins if they refer more friends. There were even others that required users to give their login credentials, vowing to provide Pokecoins afterwards.
Experts speculate that the spam and attacks in the game will continue as long as the game remains popular. Niantic is expected to provide some solutions and tips. More updates and details on "Pokemon Go" are expected soon.
