Malware-filled Pokemon Go app out in the wild
MANILA, Philippines – There's a malicious version of the recently released Pokemon Go application out in the wilds of cyberspace, and you would do well to avoid it.
Internet security firm Proofpoint reported on an infected version of Pokemon Go for Android devices on Saturday, July 9.
Proofpoint explained, "This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim's phone."
The malware-filled version of the app was posted to a malicious file repository service at around 9:19 am UTC on July 7, less than 72 hours after the game's initial release in New Zealand and Australia.
The malware's potential reach may have been widened by the circulation of instructions on how to find and install an Android application package (APK) from a third-party source.
"Unfortunately," Proofpoint said, "this is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices."
Proofpoint added, "Individuals worried about whether or not they downloaded a malicious APK have a few options to help them determine if they are now infected. First, they may check the SHA256 hash of the downloaded APK. The legitimate application that has been often linked to by media outlets has a hash of 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67, although it is possible that there are updated versions already released. The malicious APK that we analyzed has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4."
Users can also check which permissions their version of Pokemon Go has been granted (go to Settings, then Apps, then Pokemon Go, and look at its permissions) to determine whether they have been infected. The legitimate Pokemon Go app requests only a handful of permissions.
Compared to the legitimate version, the malware-infected version can record audio, edit your text messages, directly call phone numbers, modify your contacts, read your web bookmarks and history, change network connectivity settings, and retrieve the apps running at startup, among other permissions.
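The two checks the report describes, the SHA256 comparison and the permission review, can be scripted. The following is an added example written for this article; it is not code from Proofpoint or from the article itself. The two SHA256 values are the ones quoted in the report above. The permission names are the standard Android identifiers that correspond to the capabilities the article lists for the trojanized build (mapping those descriptions to these names is an assumption of this example), and the parser assumes the `uses-permission:` line format printed by `aapt dump permissions`.

```python
#!/usr/bin/env python3
"""Added example (not from the article or Proofpoint): apply the two checks the
report suggests to a local APK. Compare its SHA256 against the published hashes,
then flag declared permissions that a game has no reason to request."""
import hashlib
import re
import sys

# SHA256 values quoted from the Proofpoint report in the article above.
KNOWN_LEGIT_SHA256 = {
    "8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67",
}
KNOWN_MALICIOUS_SHA256 = {
    "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4",
}

# Standard Android permission names for the capabilities the article attributes to
# the trojanized build. Mapping the article's descriptions to these names is an
# assumption made for this example.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.RECORD_AUDIO",                         # record audio
    "android.permission.WRITE_SMS",                            # edit text messages
    "android.permission.CALL_PHONE",                           # directly call numbers
    "android.permission.WRITE_CONTACTS",                       # modify contacts
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",   # bookmarks / history
    "android.permission.CHANGE_NETWORK_STATE",                 # network connectivity
    "android.permission.RECEIVE_BOOT_COMPLETED",               # run at startup
    "android.permission.GET_TASKS",                            # enumerate running apps
}

# Matches both "uses-permission: name='X'" and the older "uses-permission:'X'"
# line forms of `aapt dump permissions` output (assumed formats).
_PERM_RE = re.compile(r"uses-permission:\s*(?:name=)?'([^']+)'")


def sha256_hex(data: bytes) -> str:
    """SHA256 of an in-memory byte string, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Stream a file through SHA256 so a large APK is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def classify_hash(digest: str) -> str:
    """Return 'malicious', 'legitimate' or 'unknown' for a SHA256 hex digest.
    'unknown' is not a clean bill of health: the report notes that updated
    legitimate builds may exist, and other trojanized builds may as well."""
    d = digest.strip().lower()
    if d in KNOWN_MALICIOUS_SHA256:
        return "malicious"
    if d in KNOWN_LEGIT_SHA256:
        return "legitimate"
    return "unknown"


def parse_aapt_permissions(text: str) -> set:
    """Extract uses-permission names from saved `aapt dump permissions` output."""
    return set(_PERM_RE.findall(text))


def suspicious_permissions(declared) -> set:
    """The subset of declared permissions that a game should not need."""
    return set(declared) & SUSPICIOUS_PERMISSIONS


def main(argv) -> int:
    if len(argv) < 2:
        print("usage: check_apk.py <file.apk> [aapt-permissions.txt]")
        return 2
    digest = sha256_file(argv[1])
    verdict = classify_hash(digest)
    print(f"{argv[1]}: sha256={digest} verdict={verdict}")
    if len(argv) > 2:
        with open(argv[2], encoding="utf-8") as f:
            declared = parse_aapt_permissions(f.read())
        bad = suspicious_permissions(declared)
        print(f"declared {len(declared)} permissions; suspicious: {sorted(bad) or 'none'}")
        if bad:
            verdict = "suspicious"
    # Non-zero exit makes the script usable as a gate in a larger workflow.
    return 1 if verdict in ("malicious", "suspicious") else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 check_apk.py pokemon.apk perms.txt`, where `perms.txt` holds the saved output of `aapt dump permissions pokemon.apk`. A hash that matches neither list is reported as unknown rather than safe, which reflects the report's caveat that newer legitimate builds (and other modified ones) may exist; the permission comparison is the fallback check for exactly that case.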
Unfortunately, the infected Pokemon Go game looks identical to the real version, so there are no other obvious indications that the device has been compromised.
Proofpoint ended its report by explaining that just because you can download an application outside the app store doesn't mean you should. "Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses." – Rappler.com