If a trend is taking over popular culture, you can bet there are fake apps about it. And those apps could put your phone or your private information at risk.
According to RiskIQ, a cybersecurity company that manages digital risk and tracks the presence of malicious apps in app stores around the world, there are thousands of fraudulent applications taking advantage of the explosive popularity of Pokémon Go and the Olympics.
James Pleger, director of research at RiskIQ, said that the company took a look at the entirety of malware in the Pokémon ecosystem and found more than 2,000 malicious applications just for the search term “Pokémon,” or about 10 percent of all apps in the query.
“If you’re looking for Pokémon content, there’s a decent chance that some of these applications are bad. Almost a one in 10,” Pleger said. That could be anything from coloring books to games or rip-offs of Pokémon Go.
However, many of those are likely not live, he said; they may have been pulled from app stores or aren’t available to download.
Apps considered fraudulent could include adware that collects information about you, malware that bricks your phone, or trojans used to hack your device.
RiskIQ looks at apps from all the popular app stores—like Google Play, Apple’s App Store, and Amazon—as well as third-party app stores and markets that belong to mobile carriers that serve localized content to users around the world. Pleger said that while some apps get taken down soon after they’re published to app stores because the companies find them to be fraudulent, some app stores syndicate content from places like Google Play and don’t delete them just because Google does.
The ratio of fraudulent Pokémon apps to authentic ones is “abnormally high,” Pleger said, and the company has seen a “crazy spike” surrounding the trend.
The Olympics and associated topics like ticket sales and health information are popular targets for thousands of fraudulent apps, too. Portuguese, Spanish, and English-language stores are being particularly targeted, especially regarding apps that claim to help spread information about the Zika virus, he said.
Fraudulent apps are a problem for app stores and the web, and it can be difficult to track and purge the bad actors. Apple’s review process is much more intense than those of other app stores, though in 2015 Google began screening apps before they get pushed to Google Play. Still, it’s possible for apps to slip through the review process—and even top the charts.
According to Pleger, the distribution of fraudulent Pokémon apps the company discovered is pretty broad—of the 2,100 malicious apps in one Pokémon search query, 364 of them are from an app store in China, while almost 300 are in Google Play. The most popular fake apps, he said, are for cheating at Pokémon Go.
Don’t fall for malicious apps—watch out for those that promise free rip-offs of a trend when the official app is paid. When you’re looking for new apps, pick ones from trusted developers, and take a look at the other apps the developers published on the app store. If nothing is there, you may want to approach the download with caution.
Sometimes, the most clichéd advice still works: If it seems too good to be true, it is.