Infected 'Pokémon Go' App Contains Droidjack Malware: Better Wait For An Official Release


Augmented mobile reality game Pokémon Go was first rolled out in Australia and New Zealand. In the frenzy that followed, gamers on Android devices who could not wait for the app to be officially rolled out to their regions decided to search for and download the game's APK to get the title onto their smartphones ahead of the planned release in their country.

The method, while used by many gamers to begin their Pokémon Go journey earlier, had some risk involved as the app that users downloaded could be a malicious one.

It seems that the risk is now a reality, as security research company Proofpoint has discovered a version of the Pokémon Go APK that contains malware.

The infected version of Pokémon Go contains Droidjack, also known as SandroRAT, which is a malicious remote access tool that basically gives the attacker complete control over the devices of their victims.

The infected Pokémon Go APK was uploaded to a malware repository service less than 72 hours after the game's initial release in Australia and New Zealand, showing that hackers did not waste any time in releasing the Droidjack-injected APK.

Because of the gradual rollout of Pokémon Go, with the United States seeing the app at the Google Play Store about half a day after it was launched in Australia and New Zealand, and the global rollout now paused due to server issues, there is a high demand for the app's APK, and this massive demand was exploited by hackers.

If you are one of the gamers who downloaded and installed an APK for Pokémon Go ahead of its official release in your country, there are a couple of ways to check whether the app on your mobile phone is the legitimate one or the infected one.

One of the methods that Proofpoint mentioned is to check the permissions of the installed Pokémon Go by going to the Android device's Settings menu, then heading to the Apps section and selecting Pokémon Go. Under the game's permissions section, red flags that indicate the presence of the Droidjack malware include granted permissions to make phone calls, access SMS messages, record audio, modify contacts, read internet bookmarks and history, connect or disconnect from a Wi-Fi network, and run upon startup.

Proofpoint ended its report on the Droidjack-infected Pokémon Go by warning Android users against installing apps from third-party sources, as these versions of the apps did not undergo the testing and inspection of official app stores. The best way to avoid falling victim to malware-infected apps is to download only from legitimate app stores, which includes waiting for the official release of Pokémon Go.

ⓒ 2018 All rights reserved. Do not reproduce without permission.