This Pokémon Go ransomware poses as a Windows 10 app

While the world is thoroughly engaged in a collective Pokémon Go quest to catch ’em all, nefarious opportunists have unleashed a new ransomware to take advantage of those unable to download the game.

The new Hidden-Tear based ransomware poses as a Windows 10 app, and is currently targeting Arabic-speaking users, following the move by many Arab countries to ban or limit the game.

As well as locking a user’s files and presenting them with a Pikachu-themed ransom note, the malicious software adds a backdoor Windows account, spreads itself to other drives, and creates a network share.

Jonathan Sander, VP of Product Strategy at Lieberman Software said: “This Hidden-Tear ransomware is either the cutting edge or class clown of the malware world.

“Generally, ransomware is built to extract money and leave no traces. Hidden-Tear behaves like a malware hybrid that encrypts files and asks for ransom, but also attempts to spread in ways normally associated with a virus.”

Once a user downloads and installs the ransomware, it creates a user account and adds it to the Administrators group. It then hides the account by configuring a Windows registry key.

On top of this, it creates a network share, though at this point the reason is unclear, as the program doesn’t appear to use it.
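One way a defender could look for the account behaviour described above in Windows Security event data, as an added example that is not from the article or the researchers quoted. The event records are constructed with simplified field names, and the registry path, account name, share name and 10-minute window are assumptions, since the article names none of them.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"  # well-known SID of the built-in Administrators group
# Assumption: the article does not name the registry key; this is the Winlogon
# location commonly used to hide an account from the sign-in screen.
HIDE_KEY = r"\winlogon\specialaccounts\userlist"
WINDOW = timedelta(minutes=10)  # assumed correlation window

def find_backdoor_accounts(events):
    """Return accounts created, made administrator and hidden on one host within WINDOW."""
    accounts = {}  # (host, account SID) -> state
    for ev in sorted(events, key=lambda e: e["time"]):
        host, eid, when = ev["host"], ev["event_id"], ev["time"]
        if eid == 4720:  # a user account was created
            accounts[(host, ev["target_sid"])] = {
                "host": host, "account": ev["target_name"], "created": when,
                "admin": False, "hidden": False, "shares": []}
            continue
        for (h, sid), st in accounts.items():
            if h != host or when - st["created"] > WINDOW:
                continue
            if eid == 4732:  # a member was added to a local group
                if ev["group_sid"] == ADMINS_SID and ev["member_sid"] == sid:
                    st["admin"] = True
            elif eid == 4657:  # a registry value was modified
                if (HIDE_KEY in ev["object_name"].lower() and ev["new_value"] == 0
                        and ev["value_name"].lower() == st["account"].lower()):
                    st["hidden"] = True
            elif eid == 5142:  # a network share was added
                st["shares"].append(ev["share_name"])
    return [st for st in accounts.values() if st["admin"] and st["hidden"]]

def _t(minute):  # timestamps for the constructed sample below
    return datetime(2016, 8, 15, 9, minute)
KEY = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList"
# Constructed sample events with simplified field names (not real log output).
SAMPLE_EVENTS = [
    {"time": _t(0), "host": "PC-01", "event_id": 4720, "target_name": "example_backdoor", "target_sid": "S-1-5-21-1-1001"},
    {"time": _t(1), "host": "PC-01", "event_id": 4732, "group_sid": ADMINS_SID, "member_sid": "S-1-5-21-1-1001"},
    {"time": _t(1), "host": "PC-01", "event_id": 4657, "object_name": KEY, "value_name": "example_backdoor", "new_value": 0},
    {"time": _t(2), "host": "PC-01", "event_id": 5142, "share_name": r"\\*\ExampleShare"},
    # Benign: an administrator account created on another host but never hidden.
    {"time": _t(5), "host": "PC-02", "event_id": 4720, "target_name": "alice", "target_sid": "S-1-5-21-2-1002"},
    {"time": _t(6), "host": "PC-02", "event_id": 4732, "group_sid": ADMINS_SID, "member_sid": "S-1-5-21-2-1002"},
]

if __name__ == "__main__":
    for f in find_backdoor_accounts(SAMPLE_EVENTS):
        print(f["host"], f["account"], "shares:", f["shares"])
```

Shares created on the same host inside the window are attached to the finding as context rather than required for it, since the article says the share's purpose is still unclear.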

Mark James, Security Specialist at ESET said: “This particular piece of malware is a little different, it not only wants to infect you with ransomware, it appears to have a hidden agenda.

“Most ransomware deletes itself once the job is done, but this particular piece of malware goes a little further by installing a hidden user account with admin privileges.

“That could enable someone at a later date to remotely connect back to the infected computer and perform other malicious tasks.”

At this point, the ransomware doesn’t seem to have reached its final version and appears to be in a developmental stage. It’s assumed that once it is fully released, the purpose of the network share will become clear.

James added: “It’s currently targeted at Arabic victims but could easily be adapted for global use and we could see it modified and spread in other countries.”

Aside from the fact that the game requires you to walk around in order to play it, there’s really no reason anyone should ever be downloading an app claiming to be a desktop version of Pokémon Go.

As Sander explains: “People need to use what should be common sense here – in this case realising that a mobile app appearing on their PC is *actually* too good to be true.”
