
This Pokémon Go ransomware poses as a Windows 10 app

While the world is thoroughly engaged in a collective Pokémon Go quest to catch 'em all, nefarious opportunists have unleashed a new ransomware to take advantage of those unable to download the game.

The new Hidden-Tear based ransomware poses as a Windows 10 app, and is currently targeting Arabic-speaking users, following the move by many Arab countries to ban or limit the game.

As well as locking a user's files and presenting them with a Pikachu-themed ransom note, the malicious software adds a backdoor Windows account, spreads itself to other drives, and creates a network share.

Jonathan Sander, VP of Product Strategy at Lieberman Software said: "This Hidden-Tear ransomware is either the cutting edge or class clown of the malware world.

"Generally, ransomware is built to extract money and leave no traces. Hidden-Tear behaves like a malware hybrid that encrypts files and asks for ransom, but also attempts to spread in ways normally associated with a virus."

Once a user downloads and installs the ransomware, it creates a user account and adds it to the Administrators group. It then hides the account by configuring a Windows registry key.

On top of this, it creates a network share, although the reason for this is unclear at this point, as the program doesn't appear to use it.
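
A defender-side check for the behaviour described above, as an added example that is not from the article or the researchers quoted: it lists local administrators, marks any that are hidden from the logon screen, and lists non-default shares. It assumes the account is hidden through the standard Winlogon `SpecialAccounts\UserList` registry key, which the article does not name.

```powershell
# Added triage example (not from the article). Run in an elevated PowerShell 5.1+ session.
# Assumption: the account is hidden through the standard Winlogon
# SpecialAccounts\UserList key; the article does not name the key used.
$userListKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'

# Account names hidden from the logon screen: a value of 0 under UserList.
$hidden = @()
if (Test-Path $userListKey) {
    $key = Get-Item $userListKey
    $hidden = @($key.GetValueNames() | Where-Object { $key.GetValue($_) -eq 0 })
}

# Local members of the built-in Administrators group (well-known SID S-1-5-32-544).
$admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
    Where-Object { $_.PrincipalSource -eq 'Local' }

$report = foreach ($member in $admins) {
    $user = Get-LocalUser -SID $member.SID -ErrorAction SilentlyContinue
    if (-not $user) { continue }                 # skip anything that is not a local user
    [pscustomobject]@{
        Account         = $user.Name
        Enabled         = $user.Enabled
        PasswordLastSet = $user.PasswordLastSet  # rough indicator of when the account appeared
        HiddenAtLogon   = $hidden -contains $user.Name
    }
}
$report | Sort-Object HiddenAtLogon -Descending | Format-Table -AutoSize

# An enabled administrator that is hidden from the logon screen needs an owner.
$report | Where-Object { $_.HiddenAtLogon -and $_.Enabled } | ForEach-Object {
    Write-Warning "Hidden local administrator: $($_.Account)"
}

# Shares other than the built-in administrative ones (C$, ADMIN$, IPC$).
Get-SmbShare | Where-Object { -not $_.Special } |
    Select-Object Name, Path, Description | Format-Table -AutoSize
```

Any account or share the machine's owner cannot account for is a lead for further investigation, not proof of this particular infection.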

Mark James, Security Specialist at ESET said: "This particular piece of malware is a little different, it not only wants to infect you with ransomware, it appears to have a hidden agenda.

"Most ransomware deletes itself once the job is done, but this particular piece of malware goes a little further by installing a hidden user account with admin privileges.

"That could enable someone at a later date to remotely connect back to the infected computer and perform other malicious tasks."

At this point, the ransomware doesn't seem to have reached its final version and appears to be in a developmental stage. It's assumed that once it is fully released, the purpose of the network share will become clear.

James added: "It’s currently targeted at Arabic victims but could easily be adapted for global use and we could see it modified and spread in other countries."

Aside from the fact that the game requires you to walk around in order to play it, there's really no reason anyone should ever be downloading an app claiming to be a desktop version of Pokémon Go.

As Sander explains: "People need to use what should be common sense here – in this case realising that a mobile app appearing on their PC is *actually* too good to be true."
