It's official: Pokémon Go has become a major phenomenon: It's getting people interested in augmented reality, inspiring filmmakers and even helping players cope with anxiety. Unfortunately, it's also creating targets for malware developers. According to the antivirus folks at ESET, at least three fake Pokémon Go apps have been spotted on the Google Play store since the game launched. One of them has the unsettling distinction of being the first malicious, fraudulent screen-locking app to surface on Google Play.
At a glance, "Pokémon Go Ultimate" looks a lot like the official app -- but after installation the app renames itself "PI Network." Launching it immediately causes a user's device to lock up, rending the phone unusable until the battery is removed or the device is rebooted via the Android Device Manager. Once the phone reboots, the app hides itself and generates ad-revenue by silently clicking ads in the background. It could be worse, too: ESET's blog says that the app is only one step away from being ransomware.
Two other fraudulent Pokémon apps briefly surfaced that produced fake security messages, attempting to trick users into paying for a virus removal service that doesn't exist. At present, all three apps seem to be removed from Google Play, but be on guard: more are likely to show up in the coming days. By all means, join the Pokémon revolution -- just make sure you're downloading the real app before you head out to catch 'em all. Check out the source links below for ESET's full advisory and security recommendations.