Mobile App Hype and Criminal Activity

While Pokemon Go promised to bring in more players, hackers counted on the excitement generated by the launch to spread malware among users until the location services were fully available worldwide.

First Published 13th July 2016 |  Latest Refresh 13th September 2021

I choose you, vaguely familiar looking app that may or may not be a malicious clone of the one I am trying to download.

Reflare Research Team

In this briefing, we will look at the expanding opportunities mobile games offer criminals. Nintendo's release of the "Pokemon Go" mobile game will serve as an example.

When the game was launched, it quickly became the top-downloaded and top-grossing app on iOS and Android in many regions. This popularity has made it attractive to criminals targeting players both in cyber and traditional settings.

Malware Distribution

Many websites provide illegitimate software copies for iOS and Android devices. While they mostly aim to pirate paid software and offer it for free, the region-based rollout of Pokemon Go has resulted in many users in regions where the game is not yet available turning to said illegitimate sources to download the free game ahead of schedule.

Hackers quickly identified this trend and started bundling the game with malware before providing it for download. Users downloading the bundled versions would infect their phones with malware as they installed the game.

This phenomenon seems to have primarily targeted Android phones, but in principle, the same attack can target users of jailbroken iOS devices. The hype built up around games such as this can help override users' care and scepticism. Users are advised to only acquire software from trusted sources such as the Google Play Store or Apple App Store.

Companies providing work phones to employees should ensure that only trusted software can be installed on the devices. Networks that employees may connect private phones to are expected to experience an increase in attacks originating from infected mobile devices in the coming weeks.


The more interesting abuse of Pokemon Go has its roots in the game's AR- and walking-based gameplay. Specific locations in the real world hold special significance within the game, leading many players to visit them physically.

However, the locations are semi-automatically determined, meaning that some key locations fall into dangerous or hard-to-surveil areas. Criminals quickly identified key spots in secluded areas and started mugging and robbing players trying to visit them.

This phenomenon highlights the growing connection between cybercrime and traditional crime. While the robbers aren't cyber-criminals, they are abusing the properties of a digital asset to lure victims into a classic ambush.

As the interplay between the digital and the real world strengthens, we predict an increase in similar crimes. Players are advised to use common sense when travelling the real world while playing any form of AR game. Parents of young players are advised to discuss with their children the physical dangers that can result from wandering into dangerous areas while playing.

The wider context

The pattern of using current hype cycles in popular culture or IT to further criminal goals has held firm over the years. When the morally objectionable DeepNude app was removed from app stores worldwide, many app-based and online "alternatives" immediately sprang up to fill the void. Plenty of those, in turn, were malicious in nature (or rather, more malicious than the original).

Similarly, criminals are always happy to exploit current tech trends, be they deep learning, IoT, Web3, blockchain or any other topic that has taken off in recent years. GitHub is crawling with malicious code masquerading as novel research projects, in the hope that someone will download and run it without checking.
