Monday, July 11, 2016

Malicious version of the Pokémon Go app makes your Android Go at High Risk

Android users are at risk since Pokemon Go, worldwide known app, has a malicious version.

The game is created by Niantic and it takes users out into the real world by using geo-markers scanned with their phone's camera to "find" Pokémon in the wild.

The popularity of this app is so high that can even pair with Twitter in terms of daily active users.

It is discovered that that there is a malicious version of the app that was modified in order to include the malicious remote access tool (RAT) known as DroidJack which gives the attackers the possibility to fully control victim’s phone. In less than 72 hours the malicious APK was already uploaded to the malicious file repository.

What caused this to happen?

The release of the app was in Australia and New Zealand on 4th July and than two days later in the US. Due to the fact that the demand was so high it created some server issues so the developers had to pause the release to other regions in order to fix the issues first.

Many gamers from the rest of the world who wanted to access the game before the official release actually downloaded the APK from third parties. In order to download the APK you have to accept side-loaded apps by enabling the “unknown sources” in the Settings Security area.

This kind of practice is very dangerous and puts your device at high risk. Researcher from Proofpoint said that:

Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.

How to determine if you are infected?

Check the hash of the downloaded app since the malicious one has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4.

Besides you can check the installed application’s permissions which can be found in the App section of your Android device. Look for the Permission section and check the list of legitimate apps.

                                              1. Legitimate Pokemon GO classes (Proofpoint)

                                               2. Malicious Pokemon Go classes (Proofpoint)

Even though you want to have the app as soon as possible, you should wait for the official release since downloading from third parties is never a good choice. By satisfying the need for that specific app, you can put your device and all your data at high risk. Waiting few days pays off.

Stay safe:)




  1. An Android Development of web administrations with Right blend of imagination and usefulness can energize your online nearness. website

  2. Nice information, many thanks to the author. It is incomprehensible to me now, but in general, the usefulness and significance is overwhelming. Best APK Ever

  3. Great job for publishing such a beneficial web site. Your web log isn’t only useful but it is additionally really creative too. There tend to be not many people who can certainly write not so simple posts that artistically. Continue the nice writing movie apps

  4. During this time, your app will notify the system on which it is installed about the intent it is allowed to receive.

  5. I am impressed by the information that you have on this blog. It shows how well you understand this subject. homework help

  6. Gone are the days, when we had to wait and keep a look on the different TV channels for watching the latest movies.
    In this world of ever growing technology, we can easily watch the latest movies or tv shows by streaming on different websites.
    Now we can even watch the movies and TV shows on our Android or Windows smartphones ShowBox Download