The dark side of Pokemon GO: Watch out for malware
The Pokemon GO app is officially available only in the United States, Australia and New Zealand, but this hasn’t stopped eager fans all over the world from downloading the app from outside official app stores. By doing this, users may unwittingly open the door to malware. Pokemon GO is advising users to install the app only via the Play Store or App Store.
Trainers, only install Pokémon GO via the Play Store or App Store. Downloads from other sources may contain malware or viruses.
— Pokémon GO (@PokemonGoApp) July 11, 2016
Pokemon GO is on fire! According to data published by SimilarWeb on July 10, this mobile game may soon outshine Twitter in daily active users on Android. By July 7 (one day after Pokemon GO was released in the United States), the game was installed on more US Android phones than dating app Tinder. The augmented reality game created by Niantic, a former internal Google startup, allows players to “discover and catch more than 100 Pokémon from the original Red and Blue games, take Pokémon into battle against other Pokémon at Gyms, uncover items including a variety of types of Poké Balls and eggs at PokéStops, hatch and train new Pokémon, and more,” the team behind this game wrote in a blog post.
As the popularity of this game exploded, traffic to apkmirror.com skyrocketed; SimilarWeb revealed that traffic to the website went from just over 600,000 visits on July 5 (one day after Pokemon GO was released in Australia and New Zealand) to more than four million visits on July 6. People across the world are playing the mobile game even though the app is only officially available in three countries.
Infected Android version of Pokemon GO on the loose
Researchers at Proofpoint recently discovered an infected Pokemon GO Android version; according to the announcement, this specific APK was altered to include DroidJack, a malicious remote access tool (RAT), which gives attackers the chance to have full control over Pokemon GO players’ phones. Although the team emphasized that this APK “has not been observed in the wild,” it was uploaded to a malicious file repository service on July 7.
Proofpoint also offered a few options to help Pokemon GO players find out whether they downloaded the malicious APK. One way to do that is to check the SHA256 hash of the downloaded APK. According to their research, the malicious APK that they analyzed has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4.
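The hash check described above, as an added example that is not Proofpoint's or this article's own code: it hashes every APK file in a folder and compares the result with the SHA256 value quoted above. The function names and the folder argument are assumptions made for illustration.

```python
import hashlib
from pathlib import Path

# SHA256 of the DroidJack-infected Pokemon GO APK, as quoted in the article.
KNOWN_BAD_SHA256 = {
    "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large APK is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_apks(directory, known_bad=KNOWN_BAD_SHA256):
    """Return {path: (sha256, verdict)} for every *.apk file under `directory`.

    verdict is "MATCH", "no match" or "unreadable" (hypothetical labels).
    """
    # Published hashes may be upper case or padded with whitespace.
    bad = {h.strip().lower() for h in known_bad}
    results = {}
    for apk in sorted(Path(directory).rglob("*")):
        if not apk.is_file() or apk.suffix.lower() != ".apk":
            continue
        try:
            digest = sha256_of_file(apk)
        except OSError:
            # A file we cannot read is reported, not silently skipped.
            results[str(apk)] = (None, "unreadable")
            continue
        results[str(apk)] = (digest, "MATCH" if digest in bad else "no match")
    return results


if __name__ == "__main__":
    import sys

    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (digest, verdict) in scan_apks(folder).items():
        print(f"{verdict:10} {digest or '-':64} {path}")
```

A match identifies only the one sample Proofpoint analyzed; an APK with a different hash is not shown to be clean by this check.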
Pokemon GO players can also check the permissions of the installed app (Settings -> Apps -> Pokemon GO); if you see some unusual permissions (some examples can be found here), this means they have been added by DroidJack and the device you are using is infected. However, researchers at Proofpoint claim that these permissions are subject to change in the future.