The recent Pokemon Go craze may have come with its fair share of PSAs, but the game is also being used to spread malware on Android.
According to Proofpoint, a security research firm, an infected APK installation file of the game has been making the rounds on the internet, enticing those in countries that haven’t yet seen the game’s official launch.
“This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone,” the company explains.
“Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.”
While Proofpoint does suggest this dirty APK file hasn’t been circulating “in the wild”, it was uploaded to a malicious file repository site about three days after the game launched Down Under.
Proofpoint suggests that users check the file’s SHA256 hash (effectively a fingerprint of the file’s contents) and take a look at the app’s Android permissions to determine if the APK they’ve used is indeed safe.
The SHA256 hash of the safe file should read 8BF2B0865BEF06906CD854492DECE202482C04CE9C5E881E02D2B6235661AB67, and not 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4 — the hash of the modified file.
If you’re concerned that the Pokemon Go APK file you’ve downloaded might be sketchy, you can check and compare the SHA256 hash using Hash Droid on Android, or Quick Hash GUI on Windows.
Dodgy permissions to look out for include “read your Web bookmarks and history,” “retrieve running apps” and “run at startup”. These can be located in the app’s info section in your device’s Settings.
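The same two checks can be scripted on a computer. The Python below is an added example, not code from Proofpoint or from this article: the two hashes are the ones quoted above, while the manifest permission names mapped to the three quoted labels, and all function names, are assumptions of the example.

```python
import hashlib

# SHA256 values exactly as quoted in this article (note the differing letter case).
KNOWN_GOOD = "8BF2B0865BEF06906CD854492DECE202482C04CE9C5E881E02D2B6235661AB67"
KNOWN_BAD = "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4"

# Assumption: Android manifest names behind the three permission labels quoted above.
RISKY_PERMISSIONS = {
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "read your Web bookmarks and history",
    "android.permission.GET_TASKS": "retrieve running apps",
    "android.permission.RECEIVE_BOOT_COMPLETED": "run at startup",
}

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large APK is never loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def classify_digest(hex_digest):
    """Compare case-insensitively; hashing tools differ in upper/lower-case output."""
    d = hex_digest.strip().lower()
    if len(d) != 64 or any(c not in "0123456789abcdef" for c in d):
        raise ValueError("not a SHA256 hex digest")
    if d == KNOWN_GOOD.lower():
        return "known-good"
    if d == KNOWN_BAD.lower():
        return "known-malicious"
    # Neither published value: a different build or a different modification.
    # This result proves nothing either way, so it is not reported as safe.
    return "unknown"

def flag_permissions(requested):
    """Return the quoted labels for any requested permission on the watch list."""
    return sorted(RISKY_PERMISSIONS[p] for p in set(requested) if p in RISKY_PERMISSIONS)

if __name__ == "__main__":
    import sys
    for apk in sys.argv[1:]:
        print(apk, classify_digest(sha256_file(apk)))
```

Run it with one or more APK paths as arguments; only a "known-good" result matches the safe file described above.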
Feature image: John Valentine II via Flickr