Hackers Spreading Malware Using Malicious Pokemon Go App apk

Security firm Proofpoint said that its researchers have found an infected Android version of the Pokemon Go app that gives the hacker complete control over the phone of any user who downloads the malicious Pokemon Go apk and installs it.

Pokemon Go App Spreading Malware

Proofpoint researchers found that the app's apk was modified to include DroidJack (also known as SandroRAT), a popular malicious remote access tool which gives any attacker the ability to take full control of a person's device, and then uploaded to a third-party site from where users can download the apk and install it. The intro screen of the malicious Pokemon Go app looks similar to the image below.

Fake Pokemon Go Intro Screen
source: proofpoint.com

Remember, the Google Play Store is currently the most secure place to download any app. But since Pokemon Go is not yet released worldwide, people in countries where the app is not available in the Play Store are using other sites to download the game.

By default, Android does not allow installation of apps from unknown sources which are not authorized by Google. But the majority of users disable this protection by going into Settings->Security and toggling the Unknown sources option to enable installation of apps from sources other than the Google Play Store.

Unknown Sources Permission

However, if you have installed the app, there is a way to check whether your device is infected by the malicious Pokemon Go apk. Follow the steps below.

  1. Go to Settings.
  2. Select Apps.
  3. Scroll down till you see Pokemon Go and tap on it.
  4. On the next screen, tap on the Permissions option.

If your permissions screen looks something like this:

Pokemon Go App Permissions
source: proofpoint.com

Then you have the legitimate apk installed on your device. If the permissions screen looks something like the two screenshots below:

Malicious Pokemon Go App Permissions list
source: proofpoint.com
Malicious Pokemon Go App Permissions
source: proofpoint.com

This means that you have installed the infected Pokemon Go apk and need to remove it ASAP.
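The same permission comparison can be done from a computer instead of by eye. The following is an added example, not from Proofpoint or the original article: it parses the "requested permissions" section of `adb shell dumpsys package <package>` output and lists anything outside a known-good baseline. The package name, the sample output and the baseline are constructed for illustration.

```python
# Constructed sample of `adb shell dumpsys package <package>` output for a
# sideloaded build. The permission names are real Android permissions, but
# this list is illustrative and is not taken from the Proofpoint report.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.game] (1a2b3c):
    versionName=0.0.0
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.CAMERA
      android.permission.READ_SMS
      android.permission.RECORD_AUDIO
      android.permission.READ_CONTACTS
    install permissions:
      android.permission.INTERNET: granted=true
"""

# Constructed baseline. In practice, record it from a copy of the app
# installed from Google Play (the "legit" permissions screen above).
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}

def requested_permissions(dumpsys_text):
    """Return the set of permissions listed under 'requested permissions:'."""
    perms, in_section, indent = set(), False, 0
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_section = True
            indent = len(line) - len(line.lstrip())
            continue
        if in_section:
            depth = len(line) - len(line.lstrip())
            if not stripped or depth <= indent:
                in_section = False  # next header or blank line ends the section
                continue
            # Some Android versions append flags after a colon; keep the name only.
            perms.add(stripped.split(":")[0])
    return perms

def unexpected_permissions(dumpsys_text, baseline):
    """Permissions the installed build requests that the baseline does not."""
    return sorted(requested_permissions(dumpsys_text) - set(baseline))

if __name__ == "__main__":
    for perm in unexpected_permissions(SAMPLE_DUMPSYS, BASELINE):
        print("unexpected:", perm)
```

Any permission reported as unexpected is a reason to treat the installed apk as modified and remove it.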

Last Sunday, it was reported that the Pokemon Go app was used in a string of armed robberies in which the victims were robbed at gunpoint when they visited a certain pokestop in the game.
