Severity scale:  

Pokemon Go virus - a malicious version of the original game

removal by Gabriel E. Hall - - | Type: Malware

Pokemon Go virus is a term used to describe cyber infection that pretends to be the original video game

Pokemon Go virusPokemon Go virus is type of malware that pretends to be original game based on Nintendo's classic series Pokemon

Pokemon Go virus is a type of dangerous cyber threat that inifltrates users' Android devices when they are trying to download the unofficial version of the mega-popular Pokemon Go video game published by Niantic, Inc. As evident, the malicious version of the game has nothing to do with the original one, as it is safe to use and play.

Questions about Pokemon Go virus

Nevertheless, cybercriminals are often abusing the most popular titles and, due to the gaming industry becoming one of the leading among entertainment sectors, bad actors are looking for ways to infect players with malware. However, Pokemon Go is not the only hacking victim, as titles like Fortnite[1] and Apex Legends are widely abused by cybercriminals.

Name Pokemon Go virus
Type Trojan, RAT (Remote access trojan)
Infiltration methods Fake Pokemon Go app from third-party sites, cheat programs, malicious apps in Google Play
Date introduced July 2016
Targeted devices Android and iOS
Risk factors Infiltration of other malware, loss of money, sensitive information disclosure to cybercriminals, etc.
Related malware Droidjack
Termination Use reputable security solution to delete Pokemon Go malware
Recovery To restore your mobile device to pre-infection state, scan it with Reimage Reimage Cleaner Intego 

Besides illegitimate versions in the game, which usually results in Remote Access Trojan (RAT)[2] or ransomware installation, the cheat apps and cracks are also present and pose a significant threat to many users. If you downloaded any of such fake versions of cheats, you should remove Pokemon Go virus by scanning your device with reputable security software immediately.

Another variant of malicious Pokemon Go apps include “Install Pokemongo” and “Guide & Cheats for Pokemon Go” – these apps charged considerable amounts of money to help the users collect Pokecoins, Pokeballs, and Lucky Eggs. Google Play reacted quickly, and these apps are no longer available to obtain. Do not be deceived, though, because not all of the programs related to the original app are dangerous. For instance, “Poké Radar” and “Helper for Pokémon Go” are completely legitimate programs which only help the users enhance their gaming experience. 

Pokemon Go virus removal instructionsPokemon Go virus is a type of malware that can give a remote access to hackers

What significantly increases the possibility of smartphones and tablets being infected with a fake Pokemon Go version is that the original one is not yet released in all countries, such as Japan, China or South Korea. The impatient users might be looking for the non-existing game in the app store and that is where the creators of malicious apps have a chance of stepping in.

The very first Pokemon Go virus infections go back to 2016

The first sightings of Pokemon Go virus occurred in July 2016, when users downloaded a fake version of the game on third-party sites.[3] This payload consisted of RAT (remote access trojan) payload called Droidjack, which essentially served as a secret passage to the device, and would allow the attacker to take over it completely.

This malicious version of Pokemon Go was tracked to a dynamic IP that originated in Turkey, which is often used to start botnet chains or used for spam campaigns. The domain name was traced to – am an underground site that was used by cybercriminals for their shady activities previously.

Upon installation, the Pokemon Go virus asks for the following permissions:

  • To connect and disconnect from the WiFi;
  • View WiFi connections;
  • Change network connectivity;
  • Retrieve the  information about running apps.

Besides these extra permissions, the Pokemon Go virus looked identical to the real game version. If you noticed that the app is asking you to allow the features mentioned above, immediately terminate the installation process as you will be infected with malware.

Pokemon Go virus RATThe very first Pokemon Go virus sightings were observed in 2016, when a fake version of the app installed a RAT trojan Droidjack

Pokemon Go virus was used by cybercriminals to root the device, upload other malicious files and show intrusive ads

Possibly the most renown version of Pokemon Go virus was spotted in September 2016, when Kaspersky security researchers discovered a trojan that slipped into Google Play and was downloaded more than 500,000 times before being taken down.[4]

This version of Pokemon Go virus installed an obfuscated malware payload via the app called “Guide for Pokemon Go New” – it is a supposed helper for the users who want to learn more about Pokemon Go gaming peculiarities. However, what users did not know is that they will allow the malicious payload to root the device, download more malicious files, and display intrusive ads on every site that they visit.

However, malware's capabilities do not end there. This Pokemon Go virus did an excellent job while trying to hide its presence from anti-malware tools by idling before contacting it's Command & Control servers. In the meantime, the infection would determine whether the machine is virtual or not (it is an environment experts analyze malware samples in). After that, the Pokemon Go virus would send information about the infected device, such as its set language, model, software version, etc.

PokemonGo ransomware – a Pokemon-themed cryptovirus that took the code from Hidden Tear

It did not take long for crooks to create a ransomware type virus based on Pokemon Go. Just as previous malware that was based on the game, this threat also used a fake installer to infiltrate players' devices.

As soon as first samples emerged, security researchers noticed right away that PokemonGo ransomware is based on HiddenTear – an open source ransomware project that was initially released for educational purposes, although cybercriminals quickly adapted it as well.

Upon infiltration, PokemonGo ransomware creates a backdoor “Hack3r” account that is assigned to the administrator group, although it is not visible on the login screen due to the registry modification. It also copies its main executable to all removable drives.

PokemonGo virus then encrypts all personal files with AES[5] and uses encryption key “123vivalalgerie.” The ransom note is written in Arabic and demands victims to write an email to Nevertheless, the malware is still in development stages, as plenty of evidence suggests.[6] For example, the virus tries to communicate with a C&C server, although it is not able to because its IP is set to private.

Pokemon Go popular

Always be extra careful when installing new apps, even if they seem legitimate

One of the main reasons for mobile device cyber infections comes from the careless installation of various apps from third-party sites. By default, mobile phones, be it iPhones or Androids, would not allow users to install apps from unofficial sources, not without certain modifications at least. Thus, users have to deliberately enable such feature to let potentially dangerous applications in.

Therefore, do not trust any third-party sites and download apps from Google stores or App Store instead. Even there, you cannot be 100% sure because cybercriminals always think of new ways how to bypass set security measures, and some malicious apps still manage to get into official stores. Therefore, always read reviews about the app and research it online.

Finally, it is just as vital keeping your phone updated and running a comprehensive security solution that would prevent malicious programs from entering your device.

Ways to remove Pokemon GO virus from Android and iOS devices

As we have already mentioned, Pokemon Go removal can be carried out using proper antivirus software. Make sure that you obtain a utility compatible with your device. Otherwise, you may not be able to run the system scan. If the program is not malicious, though, antivirus utilities may not register it.

In such a case, you can simply remove Pokemon Go app from your device through the regular device settings. Most importantly, remember always to keep a close watch for potentially dangerous applications.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Gabriel E. Hall
About the company Esolutions

Removal guides in other languages

  1. Slinkeyy says:
    July 20th, 2016 at 2:19 am

    And THATs why you have to be careful downloading apps

  2. Benedict Wilbour says:
    July 20th, 2016 at 2:20 am

    Just wait till the original version comes out guys! Patience! hah

  3. Supercutekittypaws says:
    November 13th, 2016 at 10:26 am


Your opinion regarding Pokemon Go virus