
Be careful: backdoored Pokemon GO Android app spotted in the wild

Proofpoint has found in the wild a backdoored version of the popular Pokemon GO Android app that could allow attackers to gain control over the victim's device.

Gamers are going crazy for the latest Nintendo game, Pokemon GO, which uses augmented reality: players use the mobile app to walk around and collect the popular characters.

The game has gone viral, and players spoof their location using VPNs in their quest to catch 'em all. Crooks are trying to exploit the popularity of the game to spread a malicious version of the Pokemon GO app that infects Android devices and installs a backdoor giving complete control over the victim's smartphone.

Experts from the security firm Proofpoint discovered a bogus Android application that bundles the DroidJack remote access tool (RAT). The official Pokemon GO app was first launched in Australia and New Zealand on July 4th, and on July 6th in the US; the malicious app was first uploaded to an online malware detection repository on July 7.

Curiosity is so great that many gamers started to search for the app outside official app stores, and many media outlets published instructions on how to download the game from third parties.

“The augmented reality game was first released in Australia and New Zealand on July 4th and users in other regions quickly clamored for versions for their devices. It was released on July 6th in the US, but the rest of the world will remain tempted to find a copy outside legitimate channels. To that end, a number of publications have provided tutorials for “side-loading” the application on Android. However, as with any apps installed outside of official app stores, users may get more than they bargained for.” reported Proofpoint in a blog post.

In order to install the malicious Pokemon GO app the gamer needs to “side-load” it by disabling an Android security setting.

“Unfortunately, this is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices,” highlights Proofpoint. “Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.”

The good news is that it is quite easy to check whether the version you have downloaded is infected. For example, the malicious Pokemon GO app requests more permissions than the legitimate one.

Another option is to verify the SHA-1 digest of the APK: users can compare the hash of the downloaded file with the official hash published for the legitimate app.
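Both checks described above (the permission comparison and the SHA-1 digest verification) can be scripted. The following is an added example and not Proofpoint's or the article's own code; it parses the output of `aapt dump permissions` for the official and the downloaded APK, reports any extra permissions the downloaded one requests, and compares a file digest against a published value. The permission lists below are constructed sample data, not the real apps' manifests, and the expected digest is a placeholder you would replace with the official one.

```python
import hashlib
import hmac
import re

# Matches both aapt output styles:
#   uses-permission: name='android.permission.INTERNET'
#   uses-permission: android.permission.INTERNET
PERM_RE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([\w.]+)'?", re.M)


def sha1_hex(data: bytes) -> str:
    """SHA-1 of an in-memory blob (used for the APK bytes or for testing)."""
    return hashlib.sha1(data).hexdigest()


def sha1_of_file(path: str, chunk: int = 1 << 20) -> str:
    """SHA-1 of an APK on disk, streamed so large files need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def digest_matches(actual_hex: str, expected_hex: str) -> bool:
    """Constant-time comparison against the published digest (case-insensitive)."""
    return hmac.compare_digest(actual_hex.lower(), expected_hex.strip().lower())


def parse_permissions(aapt_dump: str) -> set:
    """Extract permission names from 'aapt dump permissions app.apk' output."""
    return set(PERM_RE.findall(aapt_dump))


def extra_permissions(official_dump: str, suspect_dump: str) -> list:
    """Permissions the downloaded APK asks for that the official one does not."""
    return sorted(parse_permissions(suspect_dump) - parse_permissions(official_dump))


# Constructed sample dumps (hypothetical package and permission lists).
OFFICIAL_DUMP = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
"""
SUSPECT_DUMP = OFFICIAL_DUMP + """uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
"""

if __name__ == "__main__":
    for perm in extra_permissions(OFFICIAL_DUMP, SUSPECT_DUMP):
        print("extra permission requested by downloaded APK:", perm)
    # Replace the placeholder with the digest published for the official build.
    print("digest ok:", digest_matches(sha1_of_file("pokemon.apk"), "PLACEHOLDER_SHA1"))
```

Any permission printed as extra, especially one giving access to SMS, contacts or the microphone, is a reason not to install the file; a digest mismatch means the APK is not the published build regardless of its permissions.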

Gamers, be careful when downloading software from third-party app stores.

“Bottom line, just because you can get the latest software on your device does not mean that you should,” the security researchers write. “Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.”


Pierluigi Paganini

