It didn’t take long for scammers to join the Pokémon GO craze, with the Australian government cybercrime organisation Stay Smart Online warning a malicious version of the app targeting Android users has been released.
Stay Smart Online says the malicious version was recently discovered on a known malware website and contains a Trojan, software that installs itself onto a smartphone or device to steal sensitive information.
To date, this malicious version has not been seen on official app stores, but people are being warned to only download Pokémon GO from legitimate sites such as Google Play or Apple’s app store, and not “side-load” copies from unofficial sites.
“If you have installed an unofficial version of Pokémon GO, or are not sure if you have, seek immediate technical advice. If you installed the app from the official Android or Apple app stores, then you do not need to worry about this threat,” Stay Smart Online says.
Meanwhile, Niantic Labs, the company behind Pokémon Go, is working to fix the design flaw in the app that say it requesting access to all of a user’s Google account information, with the power to also change it.
“Google has verified that no other information has been received or accessed by Pokémon GO or Niantic,” the company said.
Stay Smart Online says people should install antivirus software onto their smartphone or tablets and people who like testing new apps should get a specific smartphone for the job.
“Do not put any private data on this new phone, do not sign into your normal Google or online accounts, and be careful when connecting it to WiFi networks,” they advise.
If an app requests more information than you are comfortable with, or is unclear about how much information it accesses, you should cancel the download and installation or remove it.