A malicious Android app that poses as a genuine Pokémon GO app has recently been discovered by security researchers at Proofpoint Security.
Pokémon GO is a new app developed for iOS and Android that lets users catch Pokémon in the real world using their device's camera. Since its release, many fans have downloaded the app from each platform's official store. However, the app is not available in every location, which prompts some people to install it from an Android APK, the raw Android application file. Apps can be installed this way, but doing so carries the risk of installing malware, which is the issue at hand.
Proofpoint warns users about an APK file that disguises itself as the real Pokémon GO app but in reality installs a backdoor called DroidJack. The malware was discovered just 72 hours after it was released in New Zealand and Australia last July 4.
The firm highlights a few pointers that tell whether a user has installed the counterfeit version of the app. The DroidJack-injected Pokémon GO app requests permissions to directly call phone numbers; receive, send, and modify SMS and MMS messages; and modify your contacts list. Moreover, the bogus app wants to record audio, read Web bookmarks, modify your Wi-Fi connections, and retrieve running apps at startup. As the post stated, none of these permissions has anything to do with how the real Pokémon GO app functions.
Deep within the app's files are fake starter classes such as "net.droidjack.server," which is responsible for connecting to the malware's Command and Control (C&C) Center. Lastly, to look more legitimate to the user, the fake app displays a similar startup screen.
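The two checks described above (the permission list and the net.droidjack.server class), sketched as an added Python example that is not from Proofpoint or the original article. It assumes the permission text comes from `aapt dump permissions`; the mapping from the article's descriptions to Android permission constants is an assumption, and all sample inputs are constructed.

```python
import io
import re
import zipfile

# Assumption: Android permission constants for the behaviours the article lists.
SUSPECT_PERMISSIONS = {
    "android.permission.CALL_PHONE",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.WRITE_SMS",
    "android.permission.RECEIVE_MMS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.GET_TASKS",
    "android.permission.RECEIVE_BOOT_COMPLETED",
}
# DEX files store class names as descriptors, so net.droidjack.server
# appears as the byte string below.
DEX_MARKER = b"Lnet/droidjack/server"
# Accepts both the quoted (name='...') and the older bare aapt output forms.
PERM_RE = re.compile(r"uses-permission:\s*(?:name=')?([\w.]+)")

def suspect_permissions(aapt_output):
    """Return the article-listed permissions found in `aapt dump permissions` text."""
    return sorted(set(PERM_RE.findall(aapt_output)) & SUSPECT_PERMISSIONS)

def has_droidjack_classes(apk_bytes):
    """Scan every classes*.dex in the APK (a ZIP archive) for the class marker."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        dex_names = [n for n in apk.namelist() if re.fullmatch(r"classes\d*\.dex", n)]
        return any(DEX_MARKER in apk.read(n) for n in dex_names)

def build_sample_apk(dex_body):
    """Constructed stand-in for an APK: a ZIP holding one fake classes.dex."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        apk.writestr("classes.dex", b"dex\n035\x00" + dex_body)
    return buf.getvalue()

# Constructed sample input, not taken from a real APK.
SAMPLE_AAPT = """package: com.example.sample
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.WRITE_CONTACTS
"""
```

A permission hit alone is only a prompt to look closer, since legitimate apps request some of these permissions too; the class marker is the stronger signal.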
With these kinds of attacks, it's always best to stay protected by downloading apps only from official app stores. While there have been instances where malware has sneaked into the stores, app stores at least give users better assurance that what they're downloading is safe.