Malware-infected Pokemon Go Android app spotted
Pokemon Go is not yet officially available in the Philippines, so excited Android users are willing to side-load APKs downloaded from outside Google’s Play Store. You might want to be careful, though: a modified app infected with malware has been spotted, and it has the capability to hijack your device.
The infected Pokemon Go Android app was spotted by Proofpoint – a security software company based in Sunnyvale, California. According to their findings, the infected app includes a “malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone.”
Proofpoint said that the infected app was not observed in the wild but was uploaded to a malicious file repository service on July 7, 2016 with a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4 (the legitimate app has a SHA256 hash of 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67).
Users can also check the app’s permission settings to identify if it is infected. The image below shows the permissions settings of a legit app:
An infected app requests access to more settings, including calls, SMS, audio recording, contacts, web bookmarks and history, and WiFi. See image below.
Users are advised to be careful when downloading and side-loading apps. To be sure, you can wait for the official release and download it straight from the Google Play Store when it becomes available.
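The two checks described above (comparing the APK's SHA-256 hash and reviewing its permissions) as a Python script; this is an added example, not code from Proofpoint or the original article. The mapping from the article's permission categories to Android permission names is an assumption, and the sample `aapt dump permissions` output is constructed.

```python
import hashlib
import re

# SHA-256 values quoted in the article (reported by Proofpoint).
INFECTED_SHA256 = "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4"
LEGIT_SHA256 = "8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67"

# Assumption: Android permission names standing in for the categories the
# article lists; the article itself does not name individual permissions.
P = "android.permission."
EXTRA_PERMISSIONS = {
    "calls": {P + "CALL_PHONE", P + "READ_CALL_LOG"},
    "sms": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"},
    "audio recording": {P + "RECORD_AUDIO"},
    "contacts": {P + "READ_CONTACTS"},
    "web bookmarks and history": {"com.android.browser.permission.READ_HISTORY_BOOKMARKS"},
    "wifi": {P + "ACCESS_WIFI_STATE", P + "CHANGE_WIFI_STATE"},
}

def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large APK is not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as apk:
        for block in iter(lambda: apk.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def classify_hash(digest):
    """'unknown' proves nothing: any other build has a different hash."""
    known = {INFECTED_SHA256: "infected", LEGIT_SHA256: "legitimate"}
    return known.get(digest.strip().lower(), "unknown")

def parse_permissions(aapt_output):
    """Extract names from `aapt dump permissions` text (both output styles)."""
    pattern = r"uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)"
    return set(re.findall(pattern, aapt_output))

def flag_categories(permissions):
    """Return the article's categories that the requested permissions touch."""
    return sorted(c for c, names in EXTRA_PERMISSIONS.items() if names & permissions)

# Constructed sample of `aapt dump permissions` output, not from a real APK.
SAMPLE = """uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_SMS'
uses-permission: android.permission.READ_CONTACTS
"""
```

Run `sha256_of` on the downloaded APK and pass the result to `classify_hash`; feed the text printed by `aapt dump permissions <apk>` to `parse_permissions` and then to `flag_categories`.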