Fake Pokémon Go app contains RAT; takes full control of infected device

Alert for Pokémon Go app users on Android: cyber criminals have uploaded a fake copy of the Pokémon Go gaming app that is actually infected with a RAT, which has the unique capability of taking over the smartphone!

The new Pokémon Go app was recently released for iOS and Android devices, but who could have predicted that it would become such a massive hit that the developers would be facing server overload? With fame come haters, though, and Pokémon Go caught the attention of cyber criminals.

The Pokémon Go app was released on July 4th in Australia and New Zealand and on July 6th in the United States. Users in other countries were still looking forward to getting a copy of the reality game, and that is when IT security firm Proofpoint caught cybercriminals distributing an infected version of Pokémon Go's Android app.

Researchers discovered a specific APK of the app that had been altered to include a remote access tool (RAT) called DroidJack (also known as SandroRAT), which, once installed, allows intruders to take full control of the user's device.

DroidJack was first identified in 2014 by firms like Symantec and Kaspersky, when it was targeting users in India.

Although the Google Play Store is full of infected third-party apps, the key issue with the fake Pokémon Go app, and what makes it a bigger threat, is that the game hasn't been released worldwide, so users may be tempted to download any app at first sight without checking its authenticity. To install an APK, users have to set the device to allow side-loaded apps, which also allows malicious programs to be installed.

If you have installed the fake Pokémon Go app, then you have already allowed it to take pictures and videos, track your location, modify or delete the content on your device, view network connections, access Bluetooth settings, pair with Bluetooth devices and even control vibration.

Image Source: Proofpoint

“Bottom line, just because you can get the latest software on your device does not mean that you should,” the company wrote. “Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.”

To avoid infecting your device with such software, do not download third-party apps, as Google Bouncer (an automatic app testing system that detects inherent security issues of the device) is known for slow scanning of apps on the Google Play Store.

This is not the first time cyber criminals have used such tactics to infect users. In the past, the famous "Be Like Bill Facebook Meme App" was also used to spread malware on a large scale.

There's more on this app on the researchers' official site.