Malicious Pokemon Go app with 500,000 downloads takes control of Android

Kaspersky Lab specialists discovered a new malicious Google Play Store app called Pokemon Go Guide, which is able to seize root access rights on an Android smartphone and use them to install or uninstall apps and display unsolicited ads.

The application has been downloaded more than 500,000 times, with at least 6,000 successful infections. Kaspersky Lab has reported the Trojan to Google and the application has been removed from Google Play.

The global Pokemon Go phenomenon has led to a growing number of related applications and, inevitably, increased interest from the cybercriminal community. Kaspersky Lab's analysis of the "Guide for Pokemon Go" Trojan led to the discovery of malicious code that downloaded rooting malware, securing access to the core of the Android operating system, in order to install and remove applications and display advertisements.

The Trojan includes some interesting features that help it evade detection. For example, it does not start when the victim launches the application. Instead, it waits for the user to install or uninstall another application, and then checks whether it is running on a real device or in a virtual machine.

If it is a real device, the Trojan waits an additional two hours before starting its malicious activity. Even then, infection is not guaranteed. After connecting to its command server and uploading details of the infected device, including country, language, device model and operating system version, the Trojan waits for a response. Only when it receives this response does it proceed with further requests and with the download, installation and implementation of additional malicious features.

This approach means that the control server can stop the attack from proceeding if it wants, skipping users it does not want to target, or those it suspects are sandboxes or virtual machines, for example. This provides an additional layer of protection for the malware.
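The activation sequence described above (a trigger on another app's install or uninstall, a wait of two hours, then a first upload of device details) can be searched for in dynamic-analysis timelines. The following Python is an added example, not Kaspersky Lab's code; the log format, event names and package names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sandbox timeline (not real telemetry): "timestamp app event detail"
SAMPLE_LOG = """\
2016-09-14T10:00:00 com.example.guide LAUNCH -
2016-09-14T10:05:00 com.example.guide PKG_CHANGE_SEEN com.example.other
2016-09-14T12:06:30 com.example.guide NET_OUT country,language,model,os_version
2016-09-14T10:01:00 com.example.maps LAUNCH -
2016-09-14T10:01:05 com.example.maps NET_OUT tiles
2016-09-14T11:00:00 com.example.maps PKG_CHANGE_SEEN com.example.other
"""

# Device details the article says are uploaded (field names are assumed).
PROFILE_FIELDS = {"country", "language", "model", "os_version"}
MIN_DELAY = timedelta(hours=2)  # dormancy period stated in the article


def parse(log):
    """Return events as (time, app, kind, detail) tuples in time order."""
    events = []
    for line in log.splitlines():
        if line.strip():
            ts, app, kind, detail = line.split(maxsplit=3)
            events.append((datetime.fromisoformat(ts), app, kind, detail))
    return sorted(events)


def flag_delayed_beacons(log, min_delay=MIN_DELAY):
    """Flag apps that stay silent on the network until a package change,
    then wait at least min_delay before a first upload of device details."""
    trigger, first_net, flagged = {}, {}, {}
    for ts, app, kind, detail in parse(log):
        if app in first_net:
            continue  # only the app's first outbound connection matters
        if kind == "PKG_CHANGE_SEEN":
            trigger.setdefault(app, ts)  # earliest package change observed
        elif kind == "NET_OUT":
            first_net[app] = ts
            waited = ts - trigger[app] if app in trigger else None
            sends_profile = PROFILE_FIELDS <= set(detail.split(","))
            if waited is not None and waited >= min_delay and sends_profile:
                flagged[app] = waited
    return flagged


if __name__ == "__main__":
    for app, waited in flag_delayed_beacons(SAMPLE_LOG).items():
        print(f"{app}: first beacon {waited} after package change")
```

An analysis run shorter than the delay never reaches the first outbound connection, so the timeline has to cover more than two hours after the package change for this check to fire.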

Once root rights are obtained, the Trojan installs its modules into the device's system folders, silently installing and uninstalling other applications and displaying unsolicited ads to the user.

Kaspersky Lab's analysis shows that at least one other version of the Pokemon Go Guide malware was available through Google Play in July 2016. In addition, researchers have tracked at least nine other applications infected with the same Trojan that were available on the Google Play Store at different times since December 2015.

Kaspersky Lab data shows that there have been over 6,000 successful infections to date, including in Russia, India and Indonesia. However, since the application is geared towards English-speaking users, people in the corresponding geographic areas, and many others, are also very likely to be affected.

"In the electronic world, wherever consumers go, digital criminals will run to follow them. Pokemon Go is no exception. The victims of this Trojan may, at least in the first instance, not even notice the increase in distracting advertisements, but the long-term effects of 'contamination' could be far more damaging. If you have fallen victim, then someone else has entered your phone and has control over your operating system and everything you do and save on it. Even if the application is now removed from the app store, there are almost half a million people out there vulnerable to 'infections', and we hope that this announcement will warn them to take appropriate action," said Roman Unuchek, Kaspersky Lab's Senior Malware Analyst.

People worried that they may have encountered the Trojan should install a reliable security solution, such as Kaspersky Internet Security for Android, on their device.

If the security scan shows that they are already infected, the best way to remove the rooting malware is to back up all data and factory reset the device.

In addition, Kaspersky Lab recommends that users always check that applications are created by a trusted developer, keep the operating system and their applications up to date, and not download anything that looks suspicious or whose origin cannot be verified.

To learn more about the rooting Trojan "Pokemon Go Guide", you can read information on the dedicated site Securelist.com.

All Kaspersky Lab products detect the Trojan under the name HEUR:Trojan.AndroidOS.Ztorg.ad.


Written by Dimitris
