Infected Pokémon GO APK carries dangerous Android backdoor
Mon 11 Jul 2016

As Pokémon GO goes viral despite not being available in many countries, users around the world have started side-loading the game via APK files, risking device security in their eagerness to get their hands on the new mobile gaming app from Nintendo.
Pokémon GO was released in Australia and New Zealand on the 4th July, and later in the States on the 6th July. The rest of the world is still waiting for the rollout to reach their countries. According to security researchers at Proofpoint, people downloading unofficial copies of the game are opening themselves up to hackers who are circulating malicious versions of the Android APK.
The Proofpoint team claims that a remote access tool (RAT), known as DroidJack (or SandroRAT), has been added to APK files, allowing third parties to gain full control over the users’ mobile devices.
‘Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised,’ said Proofpoint.
The security firm advised that users check the permissions for the app in their phone’s settings. Permissions that could indicate infection include: ‘Directly call phone numbers’, ‘Read phone status and identity’, ‘Edit text messages’, ‘Read text messages’, ‘Send SMS messages’, and ‘Record audio’.
‘The infected Pokémon GO APK has been modified in such a way that, when launched, the victim would likely not notice that they have installed a malicious application… The startup screen from the infected Pokémon GO game… is identical to the legitimate one,’ explained Proofpoint.
The security firm advised that users refrain from downloading apps from third-party sources and wait for Pokémon GO to be officially released in their region. While it gave no details on tackling the virus, it added that those infected should immediately delete the app and save their data as a precautionary measure.
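The permission check described above can also be run against an APK file before it is installed. The following is an added example, not code from Proofpoint or the article: it assumes the text output of `aapt dump permissions <file.apk>` as input, and the mapping from the quoted settings labels to Android manifest permission names is supplied here rather than taken from the article.

```python
import re

# Settings-screen labels quoted in the article, mapped to Android manifest
# permission names (the mapping is added here; the article gives only labels).
SUSPECT_PERMISSIONS = {
    "android.permission.CALL_PHONE": "Directly call phone numbers",
    "android.permission.READ_PHONE_STATE": "Read phone status and identity",
    "android.permission.WRITE_SMS": "Edit text messages",
    "android.permission.READ_SMS": "Read text messages",
    "android.permission.SEND_SMS": "Send SMS messages",
    "android.permission.RECORD_AUDIO": "Record audio",
}

# Accepts both aapt output styles:
#   uses-permission: android.permission.X
#   uses-permission: name='android.permission.X'
_PERM_LINE = re.compile(
    r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?"
)

def requested_permissions(aapt_output):
    """Return the set of permission names found in the aapt text output."""
    perms = set()
    for line in aapt_output.splitlines():
        match = _PERM_LINE.match(line)
        if match:
            perms.add(match.group(1))
    return perms

def flag_suspect(aapt_output):
    """Return sorted (permission, label) pairs that are on the article's list."""
    found = requested_permissions(aapt_output)
    return sorted((p, SUSPECT_PERMISSIONS[p]) for p in found
                  if p in SUSPECT_PERMISSIONS)

# Constructed sample output for illustration; not taken from any real APK.
SAMPLE = """\
package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.RECORD_AUDIO
uses-permission: name='android.permission.CALL_PHONE'
"""

if __name__ == "__main__":
    for perm, label in flag_suspect(SAMPLE):
        print(f"{perm}: {label}")
```

A match is a reason to inspect the file more closely, not proof of infection, since the article describes these permissions only as ones that could indicate it.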