Nullbyte ransomware going after Pokemon Go players
Nullbyte is a spinoff of DetoxCrypto ransomware.
Two very disparate pieces of news focused on the popular mobile game Pokemon Go broke today: a new version of ransomware leveraging the game has been discovered, and Sen. Al Franken (D-Minn.) plans to continue investigating privacy issues with the game.
Bleeping Computer is reporting that a variant of DetoxCrypto ransomware called Nullbyte is on the loose, pulling in victims by pretending to be the NecroBot Pokemon Go bot app. Bleeping Computer is crediting a researcher who goes by the Twitter name xXToffeeXx with the initial discovery of Nullbyte.
“This ransomware is distributed from a Github project that pretends to be a rebuilt version of the NecroBot application in the hopes that people will download it thinking it was the legitimate application,” wrote Bleeping Computer's Lawrence Adams.
Once the ransomware is downloaded and the files are encrypted, the screen is locked and a ransom note is displayed demanding .1 bitcoins, or about $57. Adams said a decryptor is available from cyber security researcher Michael Gillespie.
On the privacy front, Franken and Pokemon Go creator Niantic exchanged letters. In a written response dated September 1, the senator stated that he appreciates Niantic's response, but added, “I intend to work further with the company in the future to ensure that we're doing everything possible to protect the privacy of Americans—particularly American children—who play Pokémon GO.”
Niantic's seven-page letter, dated August 26, gave Franken a quick primer on the game's genesis, how it is played and what permissions are asked of its players. In the letter, Niantic's General Counsel Courtney Greene-Power attempts to answer several questions posed by Franken in a letter he sent to the company on July 12. This included an explanation of why cookies and beacons are collected and how younger children are protected.