Title reference: http://www.escapistmagazine.com/forums/read/7.351547-Counterfeit-Pokemon-Game-Tops-App-Charts
luckly that case is NOT a virus.
Unfortunately, we have three new one which is actually worked (and free) because these are just chinese online game style pokemon (wouldn’t want to say it look like they just create a game and put pokemon character in because the chinese playing these game don’t like) which is likely malware!!!
Here, I am not going to critize that it is illegal (because they make profit by in game events using Nintendo property), but to show the malware activity of some samples.
- Pokemon main edition (original name:宠物小精灵官方版)
downloaded from: h**p://t.cn/RhcDRSe
see: https://www.virustotal.com/en/file/0901f06e86ca19cf36c6ed343c0bd36c52c97ca47b161c69f02e1ac2515465dc/analysis/1411999420/
I still keep a clean copy for comparision: https://www.virustotal.com/zh-tw/file/9ad2e014389e32287c27ad71c6b20037eb6777a7b77f51b5025ad869342a5403/analysis/
but they decide to inject adware (I don’t think you are interested because this is a free game) https://www.virustotal.com/zh-tw/file/3e782625fd099892b386d8fe106f5e097ec612a2f554a486ef287e3a3d05be2e/analysis/1412004019/ downloaded from h**p://sj.img4399.com/game_list/404/com.duole.koudai.m4399/koudai.m4399.v50765.apk
- Go!Pikachu (original name:去吧!皮卡丘)
see: https://www.virustotal.com/zh-tw/file/cc602d8b6f03b5d0047b2e84bdabc8e7570e5b48a7779c651edca16e398202bf/analysis/
same source, updated? https://www.virustotal.com/zh-tw/file/fbf961ddf062d196f3ee068a313ca19602ca4f74416ff7d0634c144273afa86f/analysis/1412004647/
Different sample: h**p://api.m.duoku.com:8090/charged/charged/download?url=http%3A%2F%2Fdl.m.duoku.com%2Fgame%2F67000%2F67427%2F20140709111941_13005.apk via http://tieba.baidu.com/p/3209623544
different detection https://www.virustotal.com/zh-tw/file/34333883063012d4ad8ca13bc6881bdf5622978678fa276b487b2b55c085c1d0/analysis/1412005687/
This were injected into the game in an update. I still have the clean old version file, see https://www.virustotal.com/zh-tw/file/1db241f0ad35ce86b063a610cd357f78b6cb7bdd3fc8aa60ee28b690280ac392/analysis/
- Pocket Monster: Pokemon 3D (original name: 口袋妖怪:神奇宝贝·3D)
downloaded from: h**p://sj.img4399.com/game_list/340/com.trenddna.sy4399/trenddna.sy4399.v51045.apk
see: https://www.virustotal.com/zh-tw/file/2fd6f978e84cf39a6aaef1e8786faba8d322073ae2d04e7d84cf272b0f41c259/analysis/1412006321/
I found another file of the same game without trojan virus
source: h**p://www.appgame.com/archives/315073.html
see: https://www.virustotal.com/zh-tw/file/13cc9c4cba71898f80ca053d2c8389bfe330bbddb08142080cd8352c29660aad/analysis/1412007812/
No apk file mentioned above is currently detected by avast.
PS: look like 4399 android market want even more trojan virus on their site because game #3 is a very new one. Luckly the whole 4399 is blocked by avast!