The Pokemon Go craze has just been taken to the next level by cybercriminals bent on making a quick buck. A new Android lockscreen malware, posing as a fake app for the popular mobile game, has been uncovered.

According to IT security company ESET, the application lures victims into installing it on their phones. After infecting a phone, the malicious programme, named "Pokemon Go Ultimate", deliberately locks the screen and forces victims to restart their devices. Even after the reboot, it runs in the background, hidden from the victim, and secretly clicks on porn ads online.

"With Pokémon GO arguably the biggest buzz the internet has seen lately, people all over the world are keen to get their hands on the app. The bad guys are aware of this and are trying to exploit the hype by infecting Pokémon-hungry victims with malicious fake apps. Pokemon GO Ultimate serves as a perfect example, promising the victim to play the original title, but instead delivering only malicious activity," said ESET malware researcher Lukas Stefanko.

Stefanko further said, "After the installation from Google Play, there was no evidence of Pokemon Go Ultimate on the devices, but instead an app using the name 'PI Network' and a different icon was added."

Fortunately, the malware can be removed. Users can do so manually by going into the applications manager in settings, looking for the PI Network app and then uninstalling it. "This is the first observation of lockscreen functionality being successfully used in a fake app that has landed on Google Play. It is important to note that from there it takes just one small step to add a ransom message and create the first lockscreen ransomware on Google Play," he noted.

Image caption: The Pokemon Go lockscreen malware is just a step away from being upgraded to ransomware (Getty Images)

Pokemon Go fake apps

Two other fake Android apps posing as Pokemon Go apps, "Guide & Cheats for Pokemon Go" and "Install Pokemongo", were also uncovered. Both apps have been found to deliver scareware ads that trick victims into paying unnecessarily for advertised bogus services.

Once launched, both apps feature pop-ups that ask users to "verify" their account, only to deliver scareware. One such pop-up claims that the device is infected with viruses but promises to remove them all.

"The virus removal masquerade is only one example of the apps' scareware techniques. They can also download other applications, create surveys and display scam ads where the user has allegedly won prizes such as the new iPhone, Galaxy S7 Edge or even large amounts of money. The techniques deployed depend on the country where the user's IP is being localized," Stefanko wrote on welivesecurity.com.

Proceed with Poke-caution

All three malicious apps have been removed from the Google Play Store. However, despite the brief period that they were available, the apps seem to have racked up victims numbering in the thousands. "Pokemon Go Ultimate reached 500 – 1,000, Guide & Cheats for Pokemon Go reached 100 – 500 and the most successful of them, Install Pokemongo, attracted 10,000 – 50,000 victims," Stefanko wrote.

Users have been advised to proceed with caution when downloading Pokemon Go apps. It is best to install apps only from recognised sources. Users are also advised to check reviews and ratings and to peruse the app's terms and conditions.