The release of "Pokemon Go" has sparked a frenzy among players and prompted a raft of warnings from lawmakers eager to prevent fans from putting their lives in danger.
But the fevered anticipation of the game has also created opportunities for attackers, a cybersecurity software firm said.
"The vulnerability from 'Pokemon Go' is due to the fact that Nintendo didn't have a global release of the game," said Michael Petit, Africa, Middle East and Asia head of mobility at Check Point Software Technologies.
The mobile gaming app first rolled out in the U.S., Australia and New Zealand in the first week of July, becoming an instant smash hit and rocketing up the most-downloaded lists on app stores. It was released in Germany on Wednesday.
Given the limited release, some eager users might be tempted to download the game from unverified third-party app stores, which could expose them to downloading malicious apps that may be used to steal sensitive information or spy on the user, Petit explained.
Cybercriminals can actually repackage the "Pokemon Go" app for Android, and turn it into a malware, explained a Check Point Wednesday blog post.