While the world is thoroughly engaged in a collective Pokémon Go quest to catch ’em all, nefarious opportunists have unleashed a new ransomware to take advantage of those unable to download the game.
The new Hidden-Tear-based ransomware poses as a Windows 10 app, and is currently targeting Arabic-speaking users, following the move by many Arab countries to ban or limit the game.
As well as locking a user’s files and presenting them with a Pikachu-themed ransom note, the malicious software adds a backdoor Windows account, spreads itself to other drives, and creates a network share.
Jonathan Sander, VP of Product Strategy at Lieberman Software said: “This Hidden-Tear ransomware is either the cutting edge or class clown of the malware world.
“Generally, ransomware is built to extract money and leave no traces. Hidden-Tear behaves like a malware hybrid that encrypts files and asks for ransom, but also attempts to spread in ways normally associated with a virus.”
Once a user downloads and installs the ransomware, it creates a user account and adds it to the Administrators group. It then hides the account by configuring a Windows registry key.
On top of this, it creates a network share, though at this point the reason for this is unclear, as the program doesn’t appear to be using it.
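For defenders, the sequence described above (new account, added to Administrators, hidden through the registry, share created) can be correlated from Windows Security events. The following is an added example, not code from the article or the vendors quoted; the event records use a hypothetical simplified schema with constructed values, and the registry path is an assumption because the article does not name the key.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"  # built-in Administrators group
# Assumption: the article does not name the registry key; SpecialAccounts\UserList
# is the usual place where an account is hidden from the Windows logon screen.
HIDE_KEY = r"winlogon\specialaccounts\userlist"
WINDOW = timedelta(minutes=10)

# Constructed sample events (hypothetical normalized schema, not raw EVTX).
KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
EVENTS = [
    {"time": "2016-08-15T10:00:05", "host": "PC-01", "id": 4720, "user": "support_tmp"},
    {"time": "2016-08-15T10:00:06", "host": "PC-01", "id": 4732, "member": "support_tmp", "group_sid": ADMINS_SID},
    {"time": "2016-08-15T10:00:07", "host": "PC-01", "id": 4657, "object": KEY, "value": "support_tmp"},
    {"time": "2016-08-15T10:00:09", "host": "PC-01", "id": 5142, "share": r"\\*\files"},
    {"time": "2016-08-15T10:05:00", "host": "PC-02", "id": 4720, "user": "j.doe"},
    {"time": "2016-08-15T10:05:02", "host": "PC-02", "id": 4732, "member": "j.doe", "group_sid": "S-1-5-32-545"},
]

def find_backdoor_chains(events, window=WINDOW):
    """Flag accounts that are created (4720), added to Administrators (4732)
    and hidden via the registry (4657) on one host within `window`."""
    ordered = sorted(events, key=lambda e: e["time"])  # ISO timestamps sort in time order
    findings = []
    for ev in ordered:
        if ev["id"] != 4720:
            continue
        start = datetime.fromisoformat(ev["time"])
        host, user = ev["host"], ev["user"]
        steps = {"created"}
        for later in ordered:
            t = datetime.fromisoformat(later["time"])
            if later["host"] != host or not start <= t <= start + window:
                continue
            if later["id"] == 4732 and later.get("member") == user and later.get("group_sid") == ADMINS_SID:
                steps.add("admin")
            elif later["id"] == 4657 and HIDE_KEY in later.get("object", "").lower() and later.get("value", "").lower() == user.lower():
                steps.add("hidden")
            elif later["id"] == 5142:  # network share object added
                steps.add("share")
        if {"admin", "hidden"} <= steps:
            findings.append({"host": host, "user": user, "steps": sorted(steps)})
    return findings

if __name__ == "__main__":
    for finding in find_backdoor_chains(EVENTS):
        print(finding)
```

Event 4657 is only logged when object-access auditing and a SACL are configured on the key, so hosts without that auditing will never produce the "hidden" step.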
Mark James, Security Specialist at ESET said: “This particular piece of malware is a little different, it not only wants to infect you with ransomware, it appears to have a hidden agenda.
“That could enable someone at a later date to remotely connect back to the infected computer and perform other malicious tasks.”
At this point, the ransomware doesn’t seem to have reached its final version, and appears to be in a developmental stage. It’s assumed that once it is fully released, the purpose of the network share will become clear.
James added: “It’s currently targeted at Arabic victims but could easily be adapted for global use and we could see it modified and spread in other countries.”
Aside from the fact that the game requires you to walk around in order to play it, there’s really no reason anyone should ever be downloading an app claiming to be a desktop version of Pokémon Go.
As Sander explains: “People need to use what should be common sense here – in this case realising that a mobile app appearing on their PC is *actually* too good to be true.”
Let us know your thoughts on this latest ransomware in the comments.