10th December 2019

Caution before downloading the Pokémon GO APK version

Source: Nintendo

Pokémon GO has been all the rage the past week as users around the world downloaded the app after Nintendo released it in New Zealand and Australia on 4th July and in the US on 6th July, with many iOS and Android users outside these regions downloading an alternative APK file to join the hype. Are you one of these APK-loving, augmented-reality, creature-catching Pokémon GO-ers? You might want to read on…

Proofpoint has come up with a list of warning signs about some of the permissions that this APK version comes with:

Pokémon Go permissions in some APK versions. (Source: ProofPoint)

Proofpoint researchers discovered:

‘an infected Android version of the newly released mobile game Pokémon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone. The DroidJack RAT has been described in the past, including by Symantec and Kaspersky. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia.’

Installing apps from APK files does not automatically mean that your device has malware or viruses, but it does raise your risk of picking up one, or a whole lot.

When the APK version is compared to the original game app, 3 classes stand out. These are:

  • a
  • b
  • net.droidjack.server
[Figure: Original Pokémon GO game classes]

[Figure: APK Pokémon GO game classes]
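The class comparison above can be reproduced on any two APK files. The sketch below is an added example, not Proofpoint's tooling or code from the original post: it reads the class definitions out of each `classes*.dex` and reports classes present only in the second file, flagging those under the `net.droidjack.` package listed above. The function names and the sample class names built by `make_sample_apk` are constructed for illustration.

```python
import io, struct, zipfile

SUSPECT_PREFIX = "net.droidjack."  # package the article lists in the modified APK

def dex_classes(dex):
    """Names of the classes defined in one DEX file (header + class_defs walk)."""
    if dex[:4] != b"dex\n":
        raise ValueError("not a DEX file")
    _, str_ids, _, type_ids = struct.unpack_from("<4I", dex, 0x38)  # string/type id tables
    count, defs = struct.unpack_from("<2I", dex, 0x60)              # class_defs size, offset
    names = set()
    for i in range(count):
        type_idx, = struct.unpack_from("<I", dex, defs + 32 * i)    # class_def_item.class_idx
        str_idx, = struct.unpack_from("<I", dex, type_ids + 4 * type_idx)
        pos, = struct.unpack_from("<I", dex, str_ids + 4 * str_idx)
        while dex[pos] & 0x80:                                      # skip ULEB128 length
            pos += 1
        desc = dex[pos + 1:dex.index(b"\0", pos + 1)].decode("utf-8", "replace")
        names.add(desc[1:-1].replace("/", "."))                     # Lnet/x/Y; -> net.x.Y
    return names

def apk_classes(apk):
    """Union of the classes in every classes*.dex inside an APK (path or file object)."""
    with zipfile.ZipFile(apk) as z:
        dex_names = [n for n in z.namelist() if n.startswith("classes") and n.endswith(".dex")]
        return set().union(*(dex_classes(z.read(n)) for n in dex_names))

def compare(reference_apk, candidate_apk):
    """Classes only in the candidate, and the subset under the DroidJack package."""
    added = apk_classes(candidate_apk) - apk_classes(reference_apk)
    return sorted(added), sorted(c for c in added if c.startswith(SUSPECT_PREFIX))

def make_sample_apk(descriptors):
    """Constructed sample: a ZIP holding a minimal DEX with only these class defs."""
    n = len(descriptors)
    hdr = bytearray(b"dex\n035\0".ljust(0x70, b"\0"))
    struct.pack_into("<4I", hdr, 0x38, n, 0x70, n, 0x70 + 4 * n)
    struct.pack_into("<2I", hdr, 0x60, n, 0x70 + 8 * n)
    strings, offsets = b"", []
    for d in descriptors:                        # string data follows the three tables
        offsets.append(0x70 + 40 * n + len(strings))
        strings += bytes([len(d)]) + d.encode() + b"\0"
    ids = struct.pack(f"<{2 * n}I", *offsets, *range(n))
    defs = b"".join(struct.pack("<8I", i, 1, 0, 0, 0, 0, 0, 0) for i in range(n))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", bytes(hdr) + ids + defs + strings)
    return buf
```

Pass the path of a copy from the official store as `reference_apk` and the sideloaded file as `candidate_apk`; a non-empty second list means classes under the DroidJack package are present.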

Proofpoint has also shared some indicators of compromise to look for in your APK versions:


Downloaded it yet? Or will you wait for the original version?

Sandi