Armed with Pokémon Go, everyone wants to be the very best that no one ever was and all of us gotta catch ’em all. The app is currently live in the US, Australia and New Zealand, and because of its runaway popularity, its maker Niantic Labs had to put international expansion on hold. While that in itself isn’t so bad, Poké-fans from all around the world are taking to third-party sites to download the game.

Just googling “Pokémon Go APK” will give you several links where you can get the game unofficially. While Android lets users toggle their phone’s security settings and install apps from third-party sources, it’s not always recommended. And we’ve just been handed a concrete reason why that toggle is best left alone.

Security researchers at Proofpoint have spotted a malicious Pokémon Go app in the wild that’s infected with a remote access tool called “DroidJack,” which would give attackers full control over a victim’s phone.

And yeah, it’s super effective!

According to the researchers, it’s not all bad. They say they have found no reports of the malware actually infecting users; so far, only the existence of the malware has been confirmed, in the form of an APK file uploaded to an online file storage service. Also, Google Play already detects the DroidJack malware, so you can happily download and install apps from there.

The high demand and popularity of Pokémon Go is leading to many problems for its makers and users alike. Server crashes, freezes and the like have become something of a norm for the game. The makers are saying that international expansion will have to wait until scaling issues are fixed.

According to Proofpoint, if the malware were somehow downloaded and installed on a device, it would be too late by the time users realized they had gotten more than they bargained for. The start screen of the app is the same as that of the official game, and unless you pay close attention to the app permissions, you won’t be able to tell the malware from the real deal.

There’s a second method of checking the app for malware. It involves comparing the SHA256 hash of the downloaded APK with that of the official version, but it’s one for the geeks. More information on that is available here.
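The two checks above, the permission review and the SHA256 comparison, as an added example that is not from this article or from Proofpoint: it hashes an APK file in chunks, compares the result to a publisher-supplied reference in constant time, and reports any permissions the download declares beyond a known baseline. The demo file, the reference hash and the permission baseline in `main` are all constructed; the Android permission names are real, but the baseline is not the official app’s actual manifest.

```python
"""Added example (not the article's or Proofpoint's code): verify a downloaded
APK against a publisher's SHA256 and flag permissions beyond a known baseline.
The demo file, reference hash and permission lists below are constructed."""
import hashlib
import hmac
import os
import tempfile
from typing import Iterable, Set


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash in chunks so a large APK never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def matches_reference(actual_hex: str, reference_hex: str) -> bool:
    """Constant-time, case-insensitive comparison. The reference hash must come
    from the publisher, never from the same site that served the APK."""
    return hmac.compare_digest(actual_hex.lower(), reference_hex.strip().lower())


def unexpected_permissions(declared: Iterable[str], baseline: Iterable[str]) -> Set[str]:
    """Permissions the download asks for that the official build does not.
    A game has no reason to read SMS or record audio; extras like that are
    the thing to look at. Lists can come from `aapt dump permissions <apk>`."""
    return set(declared) - set(baseline)


if __name__ == "__main__":
    # Constructed stand-in for a downloaded APK and its published hash.
    payload = b"PK\x03\x04 not a real apk"
    fd, path = tempfile.mkstemp(suffix=".apk")
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    reference = sha256_of_bytes(payload)  # pretend the publisher posted this
    print("hash matches reference:", matches_reference(sha256_of_file(path), reference))
    os.remove(path)
    # Constructed baseline (illustrative, not the official app's manifest).
    baseline = {"android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION",
                "android.permission.CAMERA"}
    declared = baseline | {"android.permission.READ_SMS", "android.permission.RECORD_AUDIO"}
    print("extra permissions:", sorted(unexpected_permissions(declared, baseline)))
```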

The remote access tool (RAT) in the app connects to a command and control server (the “C&C server”) in Turkey, which would listen for connections from infected devices and issue them commands. The researchers found that this server was inactive and, for now, nothing to be worried about.

Most would recommend waiting for the official app to be released in your country rather than downloading the game from a third-party source, for security reasons. The DroidJack malware proves that malware developers are already hard at work trying to exploit the high demand for Pokémon Go for their twisted purposes.

Proofpoint’s report on the DroidJack malware reads:

Even though this APK has not been observed in the wild, it represents an important proof of concept: namely, that cybercriminals can take advantage of the popularity of applications like Pokemon GO to trick users into installing malware on their devices. Bottom line, just because you can get the latest software on your device does not mean that you should. Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.
