“Cybercriminals can take advantage of the popularity of applications like Pokemon GO”
Pokemon GO is still on fire. It was recently revealed that the game had more downloads in its first week than any other app in the App Store’s history. Meanwhile, SuperData Research revealed that Pokemon GO had earned $14 million by July 11. Despite the game’s huge success, Proofpoint’s warning still stands: “gamers should be extremely wary of what they may be exposed to when downloading apps from app stores other than the Apple App Store and Google Play.”
Proofpoint researchers discovered an infected Android version of Pokemon GO and advised players against downloading the APK from third parties. We talked to them and found out what should be done in case people’s devices are compromised.
JAXenter: How did you discover the infected Android version of Pokemon GO?
Proofpoint: A sample of the Android version of the Pokemon GO application was anonymously submitted to a public, online virus and malware repository. Our Proofpoint mobile threat team analyzed the finding to assess the implications. This particular version has not yet been observed in the wild, but the existence of the sample suggested that threat actors would be capitalizing on the popularity of Pokemon GO.
JAXenter: Has anything changed since then?
Proofpoint: We have not observed it in the wild; however, it represents an important proof of concept: namely, that cybercriminals can take advantage of the popularity of applications like Pokemon GO to trick users into installing malware on their devices.
JAXenter: What should people whose devices have been compromised do?
Proofpoint: If your phone is infected, you must wipe your phone entirely and re-install the latest Android operating system. Your local cell phone store will likely need to help you with this process or you can buy a new phone.
JAXenter: What can DroidJack do to a user’s phone? What is the worst case scenario and what should users do in this case?
Proofpoint: DroidJack gives attackers complete access to mobile devices including user text messaging, GPS data, phone calls, camera—and any business network resources they access. If a user’s phone is infected, attackers could gain full control of their phone and access network and cloud resources to which they were connected.
JAXenter: Some publications encouraged people to “side-load” third-party apps. What is your take on that?
Proofpoint: Installing apps from third-party sources, other than officially vetted and sanctioned corporate app stores, is never recommended. Gamers should be extremely wary of what they may be exposed to when downloading apps from app stores other than the Apple App Store and Google Play. Enterprises also need controls to detect side-loaded apps and ensure employees cannot bring modified devices into corporate networks.
JAXenter: Are you in contact with the creators of Pokemon GO regarding this matter?
Proofpoint: We attempted to contact Niantic Labs prior to publication of our research but did not receive a response at the time.
Thank you very much!