There appears to be some malicious software being passed around through a re-uploaded version of Pokemon Go. The software is being attached to the Pokemon app through a ripped version of the apk and handed around to people who can't wait for the game to launch in their region.
Gizmodo is reporting that a software security firm, Proofpoint, has sent out a warning through their blog to inform people that a third-party application called Droidjack is being latched onto the Pokemon Go apk. This is done by legally downloading a copy of the game, ripping it, adding in the software and then repackaging it for distribution. Droidjack is not part of the official app's services.
They highlight on the blog a comparison between what the official Pokemon Go app should modify and affect on your system and what the Droidjack modifies. For instance, Pokemon Go affects your SMS messaging in order to communicate with people, as well as taking pictures and proximity based features centered around locating and capturing Pokemon. The Droidjack version lists things like changing network connectivity, connecting and disconnecting the Wi-Fi, viewing Wi-Fi connections and retrieving running apps while also running at startup.
In plain old English, the Droidjack has the ability to automatically connect to an unidentified network, access apps and download them to your phone, and run them once you turn your phone on. For those of you who don't know, this is usually how personal information and important financial data are stolen through malicious software. Droidjack itself may not do the stealing but, as the name implies, it can easily and automatically download hijacking software and put your smart device (and personal data) at risk.
Proofpoint points out that this is not only dangerous for individuals, but dangerous for any corporate network that the phone or device accesses while the infected version of Pokemon Go is installed, stating on the blog...
Installing apps from third-party sources, other than officially vetted and sanctioned corporate app stores, is never advisable.
[...] As in the case of the compromised Pokemon GO APK we analyzed, the potential exists for attackers to completely compromise a mobile device. If that device is brought onto a corporate network, networked resources are also at risk.
If you downloaded a copy of Pokemon Go that was not from the iTunes App Store or the Google Play online store, then you might want to go check the list of permissions that your copy of the game has access to and ensure that it isn't running Droidjack. You can check the access by going into the phone's settings, then going into the apps tab, and then locating Pokemon Go. If the app says it has access to turn on and off your Wi-Fi or can "retrieve running apps" and "run at startup" then you have the version with Droidjack on it.
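The same permission check can be run against the APK file itself before it is installed. The script below is an added example, not something from Proofpoint or the original article: it assumes you have saved the text output of `aapt dump permissions <file.apk>` and it maps the settings-screen labels quoted above to their standard Android permission constants. The two sample listings and the package name `com.example.game` are constructed for illustration.

```python
import re

# Android permission constants behind the labels the article lists for the
# repackaged build (the label-to-constant mapping is an assumption added here).
SUSPECT = {
    "android.permission.CHANGE_NETWORK_STATE": "change network connectivity",
    "android.permission.CHANGE_WIFI_STATE": "connect and disconnect from Wi-Fi",
    "android.permission.ACCESS_WIFI_STATE": "view Wi-Fi connections",
    "android.permission.GET_TASKS": "retrieve running apps",
    "android.permission.RECEIVE_BOOT_COMPLETED": "run at startup",
}

# Accepts both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

# Constructed sample: a listing with none of the flagged permissions.
CLEAN_SAMPLE = """package: com.example.game
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.INTERNET'
"""

# Constructed sample: a listing that requests three of the flagged permissions.
REPACKAGED_SAMPLE = """package: com.example.game
uses-permission: android.permission.CAMERA
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
uses-permission: name='android.permission.GET_TASKS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""

def parse_permissions(aapt_output):
    """Return the set of permission names declared in an aapt listing."""
    perms = set()
    for line in aapt_output.splitlines():
        match = PERM_RE.match(line)
        if match:
            perms.add(match.group(1))
    return perms

def flag_suspect(aapt_output):
    """Return {permission: settings label} for each flagged permission present."""
    perms = parse_permissions(aapt_output)
    return {p: label for p, label in SUSPECT.items() if p in perms}

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN_SAMPLE), ("repackaged", REPACKAGED_SAMPLE)):
        hits = flag_suspect(sample)
        print(name, "->", sorted(hits.values()) or "no flagged permissions")
```

A hit is only the indicator the article describes, so treat a flagged APK as one to delete and replace with the official store version rather than as a confirmed infection.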
Pokemon Go is available right now in the United States, Australia and New Zealand. The game will be launching soon for Japan, along with Canada and the United Kingdom. Be sure to only download the app from official app store locations and avoid using ripped versions of Pokemon Go, lest you find yourself becoming a victim of some malicious software.