Pokémon GO has been all the rage this past week, with users around the world downloading the app after Nintendo released it in New Zealand and Australia on 4th July and in the US on 6th July. Many iOS and Android users outside these regions have downloaded an alternative APK file to join the hype. Are you one of these APK-loving, augmented reality creature-catching Pokémon GO-ers? You might want to read on…
Proofpoint has come up with a list of warning signs about some of the permissions that this APK version comes with:
Proofpoint researchers discovered:
‘an infected Android version of the newly released mobile game Pokémon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone. The DroidJack RAT has been described in the past, including by Symantec and Kaspersky. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia.’
Installing apps from APK files does not automatically mean that your device has malware or viruses, but it does increase your risk of picking up one, or a whole lot.
When compared to the original game app, 3 classes stand out. These are:
Proofpoint has also shared some indicators of compromise to look for in your APK versions:
Downloaded it yet? Or will you wait for the original version?