émon Go is notoriously successful at sucking its players in so deeply that they can't pay attention to the outside world or, say, oncoming cars.
Hackers are now using that eagerness to become a Pokémon master to spread a dangerous RAT (remote access tool) that allows attackers full access to a victim's Android device, handing over complete control to the criminal, according to the security firm Proofpoint.
The game isn't officially available outside of the U.S., Australia, and New Zealand.
That's left Europeans, Canadians, Asians, and just about the rest of humanity itching to figure out their own way to catch 'em all.
To get the game outside of the official release countries, players have to disable security and "side-load" the application outside of official app stores. That leaves the door open for the infected application to install DroidJack, a years-old crimeware tool now trained on new targets, to enslave the phone completely.
"Cybercriminals can take advantage of the popularity of applications like Pokémon Go to trick users into installing malware on their devices," Proofpoint's blog post reads. "Bottom line, just because you can get the latest software on your device does not mean that you should. Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses."
If you're worried about infection, Proofpoint offers a few ways to diagnose the issue.
But if you're willing to risk your phone and all its data just to get that Charizard a few days earlier, god speed, Pokémaster.