An anonymous reader writes: Over 500, 000 people have downloaded an Android app called “Guide for Pokemon Go” that roots the devices in order to deliver ads and installs apps without the user’s knowledge. Researchers that analyzed the malware said it contained multiple defenses that made reverse-engineering very difficult — some of the most advanced they’ve seen — which explains why it managed to fool Google’s security scanner and end up on the official Play Store. The exploits contained in the app’s rooting functions were able to root any Android released between 2012 and 2015. The trojan found inside the app was also found in nine other apps, affecting another 100, 000 users. The crook behind this trojan was obviously riding various popularity waves, packing his malware in clones for whatever app or game is popular at one particular point in time. Read more of this story at Slashdot.