
These past couple of days my Twitter and Facebook timelines have been filled with news about the newly launched AR game, Pokémon GO, developed by Niantic Labs, which lets you catch Pokémon in real life using your phone's camera.

A few days after its release, the game became the hottest app on both the Apple and Google app stores. In the wake of its immense popularity, the game's servers experienced downtime, as they were not enough to meet the ever-increasing demand, and consequently the worldwide launch was put on standby.

Because of that, the game is officially available only in the US, New Zealand, the UK and Australia. Those outside these official channels, however, were desperate to go hands-on with the game. That eagerness led them to "side-load" it, which means allowing the phone to install apps from "unknown sources" and downloading the APK from somewhere other than the official store.

All hunky dory, and all hail the internet, right? However, researchers at Proofpoint discovered a maliciously modified Android version of the game. This infected app was modified to include the remote access tool (RAT) called DroidJack, which would give attackers full control over your smartphone.

To make things worse, the chance that it ends up on your phone is far from remote: the infected APK was uploaded within 72 hours of the official release, right when people were hunting for side-loaded copies.

“Unfortunately, [side-loading] is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices” explains Proofpoint’s report. “Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.”

For those of you worried about whether your copy is the malicious one, here are two simple steps to verify whether the game is legit or not.

For the Geeks:

The first thing you can do is check the SHA256 hash of the APK you downloaded and compare it with the hash of the legitimate release. A single changed byte in the file gives a completely different hash, so the two will not match if the app was tampered with.

The legitimate application has a hash of:


The malicious APK that Proofpoint analyzed has a SHA256 hash of:


In case you don't know how to do this geeky stuff, the second step will come in handy.

For everyone else:

You can also verify the game by comparing the permissions granted to the app on your phone with those of the original one. Simply go to your phone's application manager via Settings –> Apps –> Pokémon GO and then scroll down to the Permissions section.

Here are the permissions granted to the official app:

Original Pokemon GO app permissions

Well, depending on your phone's configuration, these permissions may vary; for instance, the permissions "Google Play billing service" and "receive data from Internet" are not shown in the image but, as Proofpoint observed, appeared on another device when Pokémon GO was downloaded from the Google Play Store.

And here are the unwanted permissions granted to the malicious Pokémon GO app (outlined):

The outlined permissions (as seen above) have been added by DroidJack. Seeing those permissions granted to the Pokémon GO app could indicate that the device is infected, although, as noted above, the exact list of permissions can vary between devices.
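The two checks above, the hash comparison and the permission comparison, written out as an added Python example (not Proofpoint's or Niantic's code). The expected hash, the package name and the baseline permission set are placeholders, and the `dumpsys` excerpt is constructed; the real hashes are the ones quoted in the post, and the real baseline is the permission list of the official app.

```python
"""Added example: verify a side-loaded APK by hash and by permission diff.
The hash, package name and permission lists below are placeholders/constructed."""
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path: str) -> str:
    """Hash the APK in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def apk_matches(path: str, expected_sha256: str) -> bool:
    """Compare against the published hash; case-insensitive, whole-string compare."""
    return hmac.compare_digest(sha256_of_file(path).lower(), expected_sha256.strip().lower())


def requested_permissions(dumpsys_text: str) -> set:
    """Parse the 'requested permissions:' block of `adb shell dumpsys package <pkg>` output."""
    perms, in_block = set(), False
    for line in dumpsys_text.splitlines():
        s = line.strip()
        if s.endswith("permissions:"):          # section header: requested/install/runtime
            in_block = s.startswith("requested")
            continue
        if in_block and s.startswith(("android.", "com.")):
            perms.add(s.split(":")[0])          # drop any trailing 'granted=...' state
    return perms


def unexpected_permissions(observed: set, baseline: set) -> set:
    """Permissions present on the device's copy but absent from the known-good app."""
    return observed - baseline


# Constructed dumpsys excerpt: the installed copy asks for two extra permissions.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.placeholder] (placeholder package name):
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.RECORD_AUDIO
      android.permission.READ_SMS
    install permissions:
      android.permission.INTERNET: granted=true
"""
BASELINE = {"android.permission.INTERNET", "android.permission.ACCESS_FINE_LOCATION"}


def demo_hash_check() -> bool:
    """Hash a constructed file; a matching hash passes, a wrong one fails."""
    data = b"not a real apk, constructed for the example"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(data)
        path = f.name
    try:
        return apk_matches(path, hashlib.sha256(data).hexdigest()) and not apk_matches(path, "0" * 64)
    finally:
        os.unlink(path)
```

Any permission returned by `unexpected_permissions` is the thing to look at closely; on a real device the observed set comes from `adb shell dumpsys package <package>` and the baseline from a copy installed from the official store.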

Lastly, the infected Pokémon GO APK has been modified in such a way that, when you launch it, you can't tell whether it is the infected copy or the legitimate one; the game itself runs normally while DroidJack sits alongside it.

Want to see what the infected app looks like? Here you go:


All in all, I suggest you wait for the game to be officially available in your region rather than hand your confidential information over to the filthy hands of hackers.

Source: Proofpoint

