To make things even more remarkable … it’s only been available for 11 days, and officially only launched in a handful of countries. So how have gamers, itching to get their hands on it, been playing? Simple: side-loaded APKs.
An Android Application Package (APK) is the installer file for an Android app. To install one from anywhere other than Google Play, a user opens Settings, goes to the security section, and enables the “Unknown sources” checkbox, which tells the device to accept side-loaded apps. Voila, the ability to finally play Pokémon Go. Sounds amazing, right? Well, it did until Proofpoint researchers discovered an infected Android version. We did mention it has only been out for 11 days, right?
According to Proofpoint, this “specific APK was modified to include the malicious remote access tool (RAT) called Droidjack (aka SandroRAT), which would virtually give an attacker full control over a victim’s phone. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia.”
If you are like the majority of the world who could not wait and installed Pokémon Go from an outside source, we recommend you immediately check the app’s requested permissions. While it is not likely that you have downloaded the infected version, it is always better to be safe than sorry. Go to Settings > Apps > Pokémon Go > Permissions and compare what you see against the permissions a legitimate copy requests; anything extra, especially permissions the game has no reason to need, is a warning sign.
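If you still have the APK file, the same comparison can be done before installing it, and without trusting the on-device Permissions screen. The script below is an added example written for this post, not code from Proofpoint or Niantic. It reads the text produced by `aapt dump permissions <file.apk>` (aapt ships with the Android SDK build-tools), diffs the requested permissions against a known-good baseline, and also prints the file’s SHA-256 so it can be compared with a hash taken from a copy installed from Google Play. The package name, the baseline permission list and both sample dumps are constructed for illustration; they are not the real Pokémon Go manifest or the permission set of the backdoored APK, so replace the baseline with one dumped from a Play-installed copy before relying on it.

```python
"""Diff the permissions an APK requests against a known-good baseline.

Added example: the baseline and the sample dumps below are constructed,
not taken from the real game or from the trojanised APK.
"""
import hashlib
import re
import sys
from typing import Dict, Iterable, List, Set

# `aapt dump permissions` has printed two styles over the years:
#   uses-permission: android.permission.INTERNET             (older build-tools)
#   uses-permission: name='android.permission.INTERNET'      (newer build-tools)
# plus a `uses-permission-sdk-23:` variant for runtime permissions.
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([A-Za-z0-9_.]+)'?$")
_PKG_RE = re.compile(r"^package:\s*(\S+)$")

# Assumed package name and a CONSTRUCTED baseline. Replace both with values
# dumped from a copy of the game installed from Google Play.
BASELINE_PACKAGE = "com.nianticlabs.pokemongo"
BASELINE_PERMISSIONS: Set[str] = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}


def parse_aapt_permissions(text: str) -> Dict[str, object]:
    """Return the package name and the set of requested permissions."""
    package = None
    perms: Set[str] = set()
    for raw in text.splitlines():
        line = raw.strip()
        m = _PKG_RE.match(line)
        if m:
            package = m.group(1)
            continue
        m = _PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return {"package": package, "permissions": perms}


def diff_permissions(baseline: Iterable[str], observed: Iterable[str]) -> Dict[str, List[str]]:
    """Permissions present only in the observed APK, and baseline ones it dropped."""
    b, o = set(baseline), set(observed)
    return {"added": sorted(o - b), "missing": sorted(b - o)}


def sha256_file(path: str) -> str:
    """Hex SHA-256 of the APK, for comparison with a hash of a Play-installed copy."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def review_dump(text: str, expected_package: str = BASELINE_PACKAGE,
                baseline: Set[str] = BASELINE_PERMISSIONS) -> Dict[str, object]:
    """Flag a wrong package name or any permission outside the baseline."""
    parsed = parse_aapt_permissions(text)
    d = diff_permissions(baseline, parsed["permissions"])
    flags: List[str] = []
    if parsed["package"] != expected_package:
        flags.append("package mismatch: %r" % parsed["package"])
    if d["added"]:
        flags.append("extra permissions: " + ", ".join(d["added"]))
    return {"package": parsed["package"], "added": d["added"],
            "missing": d["missing"], "suspicious": bool(flags), "flags": flags}


# Constructed sample dumps (not real aapt output from either APK). The extra
# permissions in the tampered sample are the kind a remote access tool needs;
# they are illustrative, not the actual DroidJack manifest.
SAMPLE_CLEAN_DUMP = "package: com.nianticlabs.pokemongo\n" + "".join(
    "uses-permission: name='%s'\n" % p for p in sorted(BASELINE_PERMISSIONS))
SAMPLE_TAMPERED_DUMP = SAMPLE_CLEAN_DUMP + (
    "uses-permission: name='android.permission.RECORD_AUDIO'\n"
    "uses-permission: name='android.permission.READ_CONTACTS'\n"
    "uses-permission: name='android.permission.SEND_SMS'\n"
    "uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'\n")

if __name__ == "__main__":
    # Usage: aapt dump permissions game.apk > dump.txt; python check_apk.py dump.txt [game.apk]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TAMPERED_DUMP
    result = review_dump(text)
    for line in result["flags"] or ["no deviations from baseline"]:
        print(line)
    if result["missing"]:
        print("baseline permissions not requested:", ", ".join(result["missing"]))
    if len(sys.argv) > 2:
        print("sha256:", sha256_file(sys.argv[2]))
```

A permission diff catches a clumsy repackaging; it does not prove an APK is clean, since a careful attacker can hide behind permissions the game already holds. The stronger check is the signing certificate: a repackaged APK cannot carry Niantic’s signature, so compare the signer with `apksigner verify --print-certs` (also in the build-tools) against a Play-installed copy.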
If you have the legitimate Pokémon Go APK this is what your permissions SHOULD look like:
If you have downloaded from an outside source, you are running the risk of a backdoored Pokémon Go APK. Because it has been modified so carefully, users are unlikely to notice that they have installed a malicious application: the start-up screen of the infected APK is identical to the legitimate one. This is what the permissions look like on affected devices:
As much as we know that you are chomping at the bit to become a Pokémon Master, installing apps from third-party sources instead of sanctioned app stores like Google Play and the Apple App Store is always a serious risk. Questionable sources expose users and their devices to a smorgasbord of malware, and a side-loaded APK is signed by whoever repackaged it, not by the original developer. If you have already side-loaded something, turn the “Unknown sources” setting back off afterwards so it is not left on for the next dubious download. Furthermore, if you are using your work phone to download and play this game, you are putting your company’s networked resources at risk as well.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
You can find Secure Sense on Facebook, LinkedIn and Twitter. Follow us for current company and industry news.