I remember it like it was yesterday. It was 1999, and a 9 year-old me was dragging his father as fast as he could to the local video game store. This was the year that the original, 1st generation of Pokémon games were released onto Nintendo’s Gameboy. Having watched the cartoon series obsessively, I wanted nothing more than to be able to ‘catch em’ all’ myself. My Father handed over his hard-earned cash in exchange for a copy of Pokémon blue. Blue was my favourite colour, but I’d be damned if my starter Pokémon wasn’t going to be Charmander. As the years passed and the games progressed, catching Pokémon became more advanced and more fun, but using a games console to play in a pre-made animated world never did quite quell the itch, until now. Cue Pokémon GO.

Pokémon Go, is the latest release from the Pokémon Company – who have teamed up with Geo games company Niantic. Niantic spun out of Google in 2015, built augmented-reality game Ingress, and then used that to create Pokémon Go – think of it as regular Pokémon  with Google maps. You run around outdoors – the real outdoors – looking for creatures to capture; the monsters are superimposed over your Android or IOS’s camera view to help you imagine catching them when you get near one. The game also incorporates real landmarks into the game such as monuments or house’s of worship, where players must visit in order to gain bonus items (Pokéstops) or battle their Pokémon (Gyms). It’s as real as technologically possible for the Pokéfans of my generation and wannabe Pokémon masters of all ages.

A Pokéstop just outside the office here at Warwickshire HQ. Must resist temptation to go outside!

Unfortunately with all technology nowadays, there are people out there who will abuse it for there own gain. Pokémon GO has barely been out a week (in selected countries) and there are already reports of problems relating to cyber crime.

Firstly, as aforementioned, the game has only officially been released on the play/app store in a select few countries (namely USA, Australia and New Zealand), even though the countries to get the release have already been mapped. This has led to irate Pokéfans looking to find ways to get the app without using their phones app store (myself included).

Look at my Pokémans, just look at them!

For Android users, the answer was found in downloading the Android Application Package (APK) file from the unofficial play store, and downloading it that way. However, the boffins over at proofpoint discovered that some of these APK files had malicious software attached in the form of a Remote Access Tool (RAT) by the name of DroidJack. This nasty bit of kit can give the attacker full access to the victims phone, harvest personal information, and track their every move.

“Likely due to the fact that the game had not been officially released globally at the same time, many gamers wishing to access the game before it was released in their region resorted to downloading the APK from third parties,” Proofpoint says.

While Proofpoint says that Android owners can avoid the infection by only accessing the game through a trusted service like the Play store (which does mean waiting for an unknown amount of time), those who are worried they might have a malicious copy can check by looking at the permissions granted to the game itself. An infected version of the game, Proofpoint says, will ask for excessive permissions, such as the ability to track web browsing and access to BlueTooth and Wireless network connections. While the regular version, will want access to your contacts, camera, location (GPS) and storage. Anything else should ring bells and red lights.

If you find you do have a copy containing DroidJack: Uninstall it immediately, and run your antivirus software to remove any malware.

Criminals are using lure modules to attract Pokémon – and potential victims to way points within the game.

The second issue is that there are in-game events/functions that criminals have been taking advantage of. As mentioned previously, there are landmarks in the real world where Pokéstops are placed in game. These landmarks work as a stop point where players can collect in-game items. There is also an option where a player can attach an item called a lure module. The lure module attracts Pokémon to spawn at the Pokéstop where it was placed for a short period of time, and this benefit can be enjoyed by all players in the local area.

A Pokéstop with a lure module attached appears like this. Pokémon seem to have a thing for confetti.

Unfortunately for some, criminals have clocked on to how popular this is. Last week, a group of criminals were placing lure modules at Pokéstops in low populated areas such as alleyways and empty car parks. There, they would wait for would-be trainers to arrive and make use of these modules, and when they did, they would be relieved of all of their valuables in the form of a mugging.

Luckily, in this case, the criminals were caught, but this does not mean that there wont be others with the same idea. So if you do have the app and wish to explore, have fun by all means (and join Team Red), but be vigilant and don’t go in to any dark alleyways for the sake of a Pidgey, sometimes its just not worth it.

Sources:The Register, PokémonGO, Niantic

Useful links:

For information about our work to prevent individuals and communities from becoming victims of cyber crime, please visit www.safeinwarwickshire.com/cybercrime

Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).

Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.