Be careful: backdoored Pokemon GO Android app spotted in the wild

Pierluigi Paganini July 11, 2016

Proofpoint has found in the wild a backdoored version of the popular Pokemon GO Android app that could allow attackers to gain control over the victim’s device.

Gamers are going crazy for the latest Nintendo game, Pokemon GO, which uses augmented reality: players use the mobile app to walk around and collect the popular characters.

The game has gone viral, and players even spoof their location with VPNs in their quest to catch ’em all. Crooks are trying to exploit its popularity to spread a malicious version of the Pokemon GO app that infects Android devices and installs a backdoor giving complete control over the victim’s smartphone.

Experts from the security firm Proofpoint discovered a bogus Android application that included the DroidJack remote access tool (RAT). The official Pokemon GO app was first launched in Australia and New Zealand on July 4th, and later on July 6th in the US, but the malicious app was first uploaded to an online malware detection repository on July 7.

Curiosity is so great that many gamers started looking for the app outside official app stores as well, and many media outlets published instructions on how to download the game from third parties.

“The augmented reality game was first released in Australia and New Zealand on July 4th and users in other regions quickly clamored for versions for their devices. It was released on July 6th in the US, but the rest of the world will remain tempted to find a copy outside legitimate channels. To that end, a number of publications have provided tutorials for “side-loading” the application on Android. However, as with any apps installed outside of official app stores, users may get more than they bargained for,” Proofpoint reported in a blog post.

To install the malicious Pokemon GO app, the gamer has to “side-load” it, which requires disabling an Android security setting (the protection against installing apps from unknown sources).

“Unfortunately, this is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices,” highlights Proofpoint. “Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.”

The good news is that it is quite easy to check whether the version you have downloaded is infected. For example, the malicious Pokemon GO app requests more permissions than the legitimate one.

Figure: Pokemon GO permission comparison

Another option is to verify the SHA-1 digest of the APK: users can compare the hash of the downloaded file with the one published for the legitimate app.

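The two checks described above, as an added example that is not part of the original article or of Proofpoint’s report: a streaming SHA-1 of an APK compared in constant time against a published digest, and a diff of the `<uses-permission>` entries between the official build’s manifest and a side-loaded one. The manifests are constructed samples of a decoded text AndroidManifest.xml (as apktool produces), with a placeholder package name and illustrative permission sets, not the real ones from the report.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

def sha1_hex(data: bytes) -> str:
    """SHA-1 of raw bytes as lowercase hex (the digest the article suggests comparing)."""
    return hashlib.sha1(data).hexdigest()

def sha1_of_file(path: str) -> str:
    """Stream a (possibly large) APK through SHA-1 without loading it whole."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def digest_matches(actual_hex: str, expected_hex: str) -> bool:
    """Case-insensitive, constant-time comparison against the published digest."""
    return hmac.compare_digest(actual_hex.strip().lower(), expected_hex.strip().lower())

def requested_permissions(manifest_xml: str) -> set:
    """Every <uses-permission android:name=...> in a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}

def extra_permissions(official_xml: str, candidate_xml: str) -> set:
    """Permissions the side-loaded build requests that the official build does not."""
    return requested_permissions(candidate_xml) - requested_permissions(official_xml)

# Constructed sample manifests (placeholder package, not the report's real data);
# the extra entries in the second one only illustrate what a repack might add.
OFFICIAL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""
SIDELOADED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""
```

Any permission returned by `extra_permissions(OFFICIAL_MANIFEST, SIDELOADED_MANIFEST)` is a reason not to install the side-loaded build, and a digest that fails `digest_matches` means the file is not the one the publisher shipped.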

Gamers, you have been warned: be careful when downloading software from third-party app stores.

“Bottom line, just because you can get the latest software on your device does not mean that you should,” the security researchers write. “Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.”
