Pokemon GO sideloaders potentially risking world full of nasties

11 Jul 2016

Last week we covered how Pokemon GO is taking New Zealand and Australia by storm - but there's a downside - malware attackers can quickly create a storm too.

While fans are sideloading the game onto their phones and bypassing official app stores, along come the nasties.

An Android version of the game has been found by Proofpoint researchers to be infected. Its APK was compromised with the DroidJack remote access tool (RAT), which can potentially give an attacker full control of a device.

Proofpoint says that the malicious APK was launched less than 72 hours after the game was released in NZ and Australia, and suspects that the attack was targeting users who just couldn't wait to download the app from their own region.

This was fuelled by some media publications that provided instructions on how to sideload the app from third-party websites. What's more, users would not even be aware that the infected app is malicious, as it looks seemingly identical to the legitimate one.

The DroidJack RAT has been documented by Symantec and Kaspersky in the past, so it's not a new attack method. It is new to the Pokemon GO app, and Proofpoint recommends that users refrain from sideloading apps that could open their devices up to malicious infections.

Bitdefender has also released a statement, saying that "DroidJack is not a new threat. In December 2015, police cracked down on people who bought DroidJack from underground forums where it was sold for around $200. Police have raided homes across Europe and the US, arresting people suspected of installing the mobile phone malware to spy on their spouse, friends or neighbours".

Users who want to check if they are infected should check the APK's SHA256 hash, which Proofpoint has identified as 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4.

Another way is to check the app's permissions. Infected devices may show extra permissions including directly calling phone numbers, editing text messages, recording audio, modifying contacts, reading web bookmarks, changing network connectivity, viewing Wi-Fi connections, and retrieving running apps.

Proofpoint makes sure to mention that permissions can vary depending on device configuration, and that these could change in future. Proofpoint says this APK is a proof of concept, and that users should always download from legitimate app stores.
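The two checks above can be scripted. The following Python sketch is an added example, not code from Proofpoint or this article: it compares an APK's SHA-256 with the hash quoted above and flags the listed permissions in the text output of `aapt dump permissions`. The manifest permission names are an assumed mapping from the article's plain-language descriptions, and the sample output is constructed.

```python
import hashlib
import re

# SHA-256 of the infected APK, as reported by Proofpoint and quoted above.
INFECTED_SHA256 = "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4"

# Assumption: manifest names chosen here to match the article's descriptions.
WATCHED_PERMISSIONS = {
    "android.permission.CALL_PHONE": "directly call phone numbers",
    "android.permission.WRITE_SMS": "edit text messages",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "read web bookmarks",
    "android.permission.CHANGE_NETWORK_STATE": "change network connectivity",
    "android.permission.ACCESS_WIFI_STATE": "view Wi-Fi connections",
    "android.permission.GET_TASKS": "retrieve running apps",
}

# Constructed sample of `aapt dump permissions` output (not from a real APK).
SAMPLE_AAPT_OUTPUT = """package: com.example.constructed
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.WRITE_SMS
"""

# Accepts both the older bare form and the newer name='...' form of aapt output.
_PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large APK is never read into memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def matches_infected_hash(path):
    """True only if the file is byte-identical to the sample Proofpoint hashed."""
    return sha256_of_file(path) == INFECTED_SHA256

def flag_watched_permissions(aapt_output):
    """Return {permission: description} for watched permissions the APK requests."""
    requested = set(_PERM_RE.findall(aapt_output))
    return {p: d for p, d in WATCHED_PERMISSIONS.items() if p in requested}

if __name__ == "__main__":
    for perm, what in flag_watched_permissions(SAMPLE_AAPT_OUTPUT).items():
        print(f"{perm}: can {what}")
```

A hash mismatch only rules out this one sample; a repackaged APK with any byte changed will hash differently, which is why the permission check is worth running as well.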

Read more in Proofpoint's blog here.
