Hidden Tear Ransomware Targets Arabic Pokémon GO Players

Since the launch of Pokémon GO, people around the world have been captivated by this mobile game. Not too long ago, the client was also released for Windows users, which only helps grow the Pokémon ecosystem. However, a new type of ransomware, called Hidden Tear, is masking itself as a Pokémon GO app for the Windows platform.

Any concept of software that succeeds in gaining mainstream traction will become the target of internet criminals sooner or later. Pokémon GO is no different in that regard, unfortunately. After malicious Android APks were floating around on the Internet, developers have created a new type of ransomware to infected Pokémon GO enthusiasts.

Pokémon GO Ransomware Is A Real Thing

Hidden Tear, as this new strain of malware is called, appears to be a legitimate Pokémon GO client on the surface. But things are very different under the hood. It is interesting to note this ransomware is targeting Arabic users for some unknown reason. The accompanying ransom note is written in Arabic as well.

AlienVault Security Evangelist Javvad Malik stated:

“Using a popular app like Pokémon GO to spread malware is nothing new; we see this whenever there’s a topic that is popular. The unique thing about this attack is the fact that it’s tailored for an Arabic audience – many of whom may not have encountered malware in their native language before.”

Keeping in mind how Pokémon GO has surpassed 100 million total downloads, the target audience for this ransomware can be huge. Even if the developers are targeting Arabic users specifically, their chances of success are still relatively high. Once a computer is infected, they will see a ransom note screensaver with a Pikachu image.

It is not unlikely we will see more ransomware versions targeting Pokémon players moving forward. Since people are so hyped about this game, they will throw caution to the wind in most cases. Internet criminals will attempt to capitalise on this trend, though, and they will make a lot of money by doing so as well.

Source: Threatpost

Header image courtesy of Shutterstock