Wednesday, August 24th, 2016
Ransomware Disguised As PokemonGo
We have all seen the current popularity of the PokemonGo craze, so it is no surprise that cyber-criminals would plan to use this to their advantage by imitating the game with malicious substitutes.
A new ransomware was recently discovered impersonating a Pokemon GO application for Windows.
The Pokemon themed ransomware targets Arabic speaking users and possibly originated in Algeria, according to Bleeping Computer.
In addition to locking up a victim's files and leaving behind a Pikachu-themed ransom note, the ransomware, which is based on the open-source Hidden Tear project, also adds a backdoor Windows account, spreads itself to other drives, and creates a network share. This will enable the attacker to gain access to the user's computer at some later point in time. The new user account, 'Hack3r', is hidden from view by modifications to the registry.
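The behaviour described above (a backdoor local account hidden via the registry, a new network share, copies placed on other drives) is something a Windows administrator can check for directly. The following PowerShell triage script is an added example, not code from the original post or from the Bleeping Computer / Trend Micro write-ups. It assumes the account name 'Hack3r' from the post; it further assumes that the account is hidden through the well-known Winlogon `SpecialAccounts\UserList` value, which the post does not name, and since neither the share name nor the dropped file name is given, it lists every non-default share and every root-level executable for an analyst to inspect rather than guessing.

```powershell
# Added triage example (not from the original post or from the referenced vendors).
# Assumptions, labelled: account name 'Hack3r' comes from the post; the hiding mechanism
# is assumed to be the Winlogon SpecialAccounts\UserList value (not named in the post);
# share and file names are unknown, so everything non-default is reported for review.
#Requires -RunAsAdministrator

$SuspectAccount = 'Hack3r'
$UserListKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'
$DefaultShares  = @('ADMIN$', 'C$', 'IPC$', 'print$')   # administrative shares on a stock install

$findings = @()

# 1. Local accounts: report the account name given in the post if it exists.
foreach ($u in Get-LocalUser) {
    if ($u.Name -ieq $SuspectAccount) {
        $findings += "Local account '$($u.Name)' present (Enabled=$($u.Enabled))"
    }
}

# 2. Accounts hidden from the logon screen: a DWORD value of 0 under UserList hides
#    the account named by that value. Any such entry is worth a look, not only 'Hack3r'.
if (Test-Path $UserListKey) {
    $props = Get-ItemProperty -Path $UserListKey
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and $p.Value -eq 0) {
            $findings += "Account '$($p.Name)' is hidden from the logon screen via UserList"
        }
    }
}

# 3. Network shares beyond the stock administrative ones.
foreach ($s in Get-SmbShare) {
    if ($DefaultShares -notcontains $s.Name) {
        $findings += "Non-default SMB share '$($s.Name)' -> $($s.Path)"
    }
}

# 4. Other drives: the post says the malware copies itself to other drives. The file name
#    is not given, so list root-level executables on every fixed/removable drive for review.
$drives = Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root -match '^[A-Z]:\\$' }
foreach ($d in $drives) {
    Get-ChildItem -Path $d.Root -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.scr', '.bat', '.vbs' } |
        ForEach-Object { $findings += "Root-level executable on $($d.Root): $($_.Name)" }
}

if ($findings.Count -eq 0) {
    "No indicators found."
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Run it in an elevated PowerShell session on the machine being examined; the `Get-LocalUser` and `Get-SmbShare` cmdlets require Windows 8 / PowerShell 5.1 or later. A hit on step 2 is the strongest single indicator here, because hiding an account from the logon screen is rarely done legitimately on a workstation.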
According to security vendor Trend Micro: “There are numerous indicators that the ransomware is still under development. One of them is that it has a static AES encryption key of ‘123vivalalgerie’. Additionally, the command & control server (C&C) uses a private IP address which means it cannot connect over the Internet.”
It is assumed that, when the ransomware is finally released, the developer will make it generate random encryption keys and point it at a C&C address that is reachable over the Internet.
Do note that at this point the game is available only for Android and iOS, and for no other operating system. You will find it in the respective app stores for Android and iOS. Pokémon Go might become available for Windows and OS X in the near future, but it is not available right now, so avoid any links that tell you to download a copy of the game for Windows.