Security researchers from ProofPoint have found a backdoored version of the popular Pokemon GO Android App which could let hackers take control over victim’s device.
Gamers are crazy about the latest Nintendo game Pokemon GO. The most interesting fact about the new game is that it uses augmented reality, while the players use the mobile app to walk around and collect the popular characters.
At the same time, the hackers are trying hard to exploit the popularity of the viral game to spread a malicious version of the Pokemon GO app which could infect Android mobile devices and install a backdoor to gain complete control over the victim’s smart phone.
The Proofpoint security experts discovered a bogus Android application which included the DroidJack remote access tool (RAT). The official Pokemon GO app was first launched on July 4 in Australia and New Zealand, and on July 6 in USA, while the malicious application was uploaded to an online malware detection repository on July 7.
Gamers got so excited that lots of them started to search the app also outside official app stores, and many media outlets published instructions on how to download the game from a third party.
“The augmented reality game was first released in Australia and New Zealand on July 4th and users in other regions quickly clamored for versions for their devices. It was released on July 6th in the US, but the rest of the world will remain tempted to find a copy outside legitimate channels. To that end, a number of publications have provided tutorials for “side-loading” the application on Android. However, as with any apps installed outside of official app stores, users may get more than they bargained for.” ProofPoint reported.
To install the malicious Pokemon GO app the gamer should “side-load” it by disabling an Android security setting.
“Unfortunately, this is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices,” Proofpoint states. “Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.”
Fortunately, it is very easy to check if the version you have downloaded is infected. For instance, the malicious Pokemon GO app requests more permissions than the legitimate one. Another possibility is included in the verification of the app SHA-1 digest, users can match the hash of the downloaded app with the official one associated with the legitimate app.
Meanwhile, gamers are strongly advised to be careful when downloading software from third-party app stores.
“Bottom line, just because you can get the latest software on your device does not mean that you should,” the security experts say. “Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.”
