In the rush to join the millions of fans playing Pokémon GO, some users may have unknowingly downloaded and installed malware on their smartphones.
Although the game has already been downloaded 5 – 10 million times, its staggered regional roll-out has led impatient fans to side-load Pokémon GO.
Side-loading involves downloading an Android Application Package (APK) from a source other than the official Play Store. Users need to turn on a security setting which allows the installation of apps from unknown sources.
Proofpoint, a cybersecurity firm, discovered DroidJack in a Pokémon GO APK. For those wondering, DroidJack is a remote access tool (RAT) that gives an attacker backdoor control of an Android smartphone.
In a blog post, Proofpoint said of side-loading: “Unfortunately, this is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices.”
The worst part, according to Proofpoint, is that users might not even know they have an infected version of the app because, for the most part, the game works just like it should.
Check if you’re compromised
According to Proofpoint, users can check whether they are compromised relatively easily.
Users need to head to Settings, then scroll to Apps and finally tap Pokémon GO.
From there, users will need to open Permissions and compare what is listed against the following permissions, which are the ones the legitimate app requests:
- take pictures and videos
- approximate location (network-based), precise location (GPS and network-based)
- modify or delete the contents of your SD card, read the contents of your SD card
- find accounts on the device, use accounts on the device
- full network access, view network connections
- access the Bluetooth settings, pair with Bluetooth devices
- control vibration, prevent phone from sleeping
The malicious version will have the following, additional permissions:
- directly call phone numbers (this may cost you money), read phone status and identity
- edit your text messages (SMS or MMS), read your text messages (SMS or MMS), receive text messages (SMS), send SMS messages (this may cost you money)
- record audio
- modify your contacts, read call log, read your contacts, write call log
- read your Web bookmarks and history
- change network connectivity, connect and disconnect from Wi-Fi, view Wi-Fi connections
- retrieve running apps, run at startup
If your version of the app has the malicious permissions, you’ll need to delete the app and scan the device for additional malware. If malicious software remains after that, you’re likely going to have to perform a factory reset.
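The same check can be done before installing, by comparing the permissions an APK declares against a known-good baseline. The script below is an added example (not from the article or from Proofpoint) and makes two assumptions: that the input is the output of `aapt dump permissions <apk>` (one `uses-permission:` line per declared permission), and that the Play Store's human-readable labels quoted above map to the `android.permission` constants listed in the two sets. The sample dumps are constructed for the example.

```python
"""Audit an APK's declared permissions against a known-good baseline.

Assumed input: text from `aapt dump permissions <apk>`. Older aapt builds print
"uses-permission: android.permission.X", newer ones print
"uses-permission: name='android.permission.X'"; both forms are parsed.
"""
import re

# Baseline: the legitimate app's permission list from the article, mapped to
# android.permission constants (the mapping is an assumption for this example).
BASELINE_PERMISSIONS = {
    "android.permission.CAMERA",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.GET_ACCOUNTS",
    "android.permission.USE_CREDENTIALS",
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.BLUETOOTH_ADMIN",
    "android.permission.BLUETOOTH",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
}

# The extra permissions the article attributes to the trojanised build, mapped
# the same way. None of these have a plausible use in a location-based game.
HIGH_RISK_PERMISSIONS = {
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_STATE",
    "android.permission.WRITE_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECORD_AUDIO",
    "android.permission.WRITE_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CALL_LOG",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
    "android.permission.CHANGE_NETWORK_STATE",
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.ACCESS_WIFI_STATE",
    "android.permission.GET_TASKS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}

_PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?\s*$")


def parse_aapt_permissions(dump: str) -> set[str]:
    """Extract the set of declared permission names from an aapt permissions dump."""
    found = set()
    for line in dump.splitlines():
        m = _PERM_RE.match(line.strip())
        if m:
            found.add(m.group(1))
    return found


def audit(dump: str, baseline: set[str] = BASELINE_PERMISSIONS) -> dict:
    """Compare declared permissions to the baseline and classify the result.

    verdict: "ok"         - nothing beyond the baseline
             "review"     - extras present, but none in the high-risk set
             "suspicious" - at least one high-risk extra (RAT-style capability)
    """
    declared = parse_aapt_permissions(dump)
    extra = declared - baseline
    high_risk = extra & HIGH_RISK_PERMISSIONS
    if high_risk:
        verdict = "suspicious"
    elif extra:
        verdict = "review"
    else:
        verdict = "ok"
    return {
        "declared": sorted(declared),
        "extra": sorted(extra),
        "high_risk": sorted(high_risk),
        "verdict": verdict,
    }


# Constructed sample dumps (not real aapt output from any actual APK).
CLEAN_DUMP = "package: com.example.game\n" + "\n".join(
    f"uses-permission: name='{p}'" for p in sorted(BASELINE_PERMISSIONS)
)
TROJANIZED_DUMP = CLEAN_DUMP + "\n" + "\n".join(
    f"uses-permission: {p}"  # old-style aapt line, to exercise both formats
    for p in (
        "android.permission.SEND_SMS",
        "android.permission.RECORD_AUDIO",
        "android.permission.READ_CONTACTS",
        "android.permission.RECEIVE_BOOT_COMPLETED",
    )
)

if __name__ == "__main__":
    for name, dump in (("clean", CLEAN_DUMP), ("trojanised", TROJANIZED_DUMP)):
        result = audit(dump)
        print(f"{name}: verdict={result['verdict']} high_risk={result['high_risk']}")
```

To use it on a real file, pipe `aapt dump permissions some.apk` into `audit()`; anything reported as `suspicious` should not be installed, and a `review` result means the extras need a plausible explanation before trusting the build.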
The bottom line is don’t download apps from untrusted sources, even if the website looks legitimate.
[Source – Proofpoint]