NEW YORK–Perhaps it shouldn’t be surprising, but the popular game PokemonGo has a new function: it’s being used as a theme to hide ransomware.
According to MalwareHunter, two versions of PokemonGo ransomware have been discovered in the market: one is a variant of the ransomware DetoxCrypto, while the other is a variant of Calipso.
Security analysts say neither version of the ransomware is as sophisticated as other types that have infected computers.
In both cases, infected computers display screens saying that all of the user’s files will be locked unless the user pays a ransom within 72 hours. According to reports, the ransomware demands two to three bitcoins ($1,160 to $1,700).
Payload Security reported that the ransomware is a 3.7 MB Windows executable file named "88547-pokemongo.exe". The PokemonGo version plays an audio file, "pok.wav", that contains music from the Pokémon Gameboy game.
According to MalwareHunter, the threat with the PokemonGo ransomware is actually larger than just the infected computer. The company said it includes the ability to create an admin-level account named "Hack3r" and can also locate removable drives and drop an autorun.inf file onto the devices.
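
For administrators who want to check a Windows machine for the two behaviours described above, the following PowerShell triage script is an added example, not part of the original report or any vendor's tooling. It assumes Windows PowerShell 5.1 or later and an elevated session; the account name is the one given in the article, and everything else is standard Windows tooling.

```powershell
# Added triage sketch: the indicator names are the ones reported in the article.
$AccountName = 'Hack3r'
$findings = @()

# 1. Local account with the reported name; membership in Administrators is
#    resolved by well-known SID (S-1-5-32-544) so localized group names work.
$user = Get-LocalUser -Name $AccountName -ErrorAction SilentlyContinue
if ($user) {
    $admins  = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    $isAdmin = [bool]($admins | Where-Object { $_.SID.Value -eq $user.SID.Value })
    $findings += [pscustomobject]@{
        Check  = 'LocalAccount'
        Item   = $user.Name
        Detail = "Enabled=$($user.Enabled); Administrator=$isAdmin"
    }
}

# 2. Account-creation events (Security log, event ID 4720) for that name.
#    Needs an elevated session; older events may have rolled out of the log.
$created = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } -ErrorAction SilentlyContinue
foreach ($e in $created) {
    $data   = ([xml]$e.ToXml()).Event.EventData.Data
    $target = ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
    if ($target -eq $AccountName) {
        $findings += [pscustomobject]@{ Check = 'AccountCreated'; Item = $target; Detail = "At $($e.TimeCreated)" }
    }
}

# 3. autorun.inf at the root of each removable drive (DriveType 2).
#    -Force is required because the file may be hidden.
$drives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2'
foreach ($d in $drives) {
    $path = Join-Path "$($d.DeviceID)\" 'autorun.inf'
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($file) {
        $findings += [pscustomobject]@{ Check = 'Autorun'; Item = $file.FullName; Detail = "Modified $($file.LastWriteTime)" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No matching indicators found.' }
```

Some legitimate USB devices ship with their own autorun.inf, so a hit in the third check calls for a look at the file's contents and timestamp rather than being proof of infection on its own.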
