
Massive success means a massive target for hackers: Pokémon Go Malware

August 26, 2016 | October 29th, 2019 | Article

I’m guessing you’ve heard of a little mobile game that goes by the name Pokémon GO. If you haven’t, you probably haven’t looked at the news for a while, and yes, this is what all those clusters of people walking the streets holding up their phones are doing. This augmented reality mobile game, originating from the extremely popular Pokémon Game Boy game, has become a global phenomenon. However, as you might imagine, anything that explodes onto the scene and becomes immensely popular also becomes a huge target for hackers.

Here’s how it happened: The game publishers used a staggered launch so they could help ensure server stability for the game. This means Pokémon GO wasn’t rolled out to everyone all at once—only residents of Australia and New Zealand could play initially. Anxious wanna-be players all over the world couldn’t wait for their chance to get in the game, so third-party websites (not the official app stores) started offering game downloads, giving those anxious gamers a jump start on their fun.

Now, some of these downloads were legitimate, but the security firm Proofpoint discovered that a piece of malware called DroidJack was injected into some versions, and, you guessed it: the malware grants full access to a user’s Android phone. The app itself acts perfectly normal; it just requests extra permissions that you might overlook when hastily installing the software.

If you are one of the individuals who installed Pokémon GO prior to its official release via a third-party site, you may want to check your permissions. Go to Settings > Apps > Pokémon GO > Permissions to see exactly what you’ve granted access to. If you see a wide range of granted permissions, that means your version was likely infected by malware. You should delete the app immediately. The game is now out in the U.S. and you can safely re-download it from the Google Play store.
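The same permission check can be scripted when there are many phones to review. The sketch below is an added example, not code from the original article or from Proofpoint: it parses the text that `adb shell dumpsys package <package-name>` prints and reports granted permissions that go beyond what a location-based camera game needs. The `EXPECTED` baseline, the function names, the package name `com.example.game` and the sample output are assumptions constructed for illustration.

```python
import re

# Standard Android "dangerous" permissions that expose personal data or sensors.
DANGEROUS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.GET_ACCOUNTS",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.CALL_PHONE",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_PHONE_STATE",
}
# Assumption: what a location-based AR game plausibly needs. Adjust per app.
EXPECTED = {p for p in DANGEROUS
            if p.rsplit(".", 1)[1] in {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION",
                                       "CAMERA", "GET_ACCOUNTS",
                                       "READ_EXTERNAL_STORAGE", "WRITE_EXTERNAL_STORAGE"}}

# dumpsys lines look like "android.permission.CAMERA: granted=true, flags=[ ... ]"
PERM_LINE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)", re.M)

def granted_permissions(dumpsys_text):
    """Return the set of permissions marked granted=true in dumpsys output."""
    return {name for name, state in PERM_LINE.findall(dumpsys_text) if state == "true"}

def unexpected_dangerous(dumpsys_text, expected=EXPECTED):
    """Granted dangerous permissions outside the expected baseline, sorted."""
    return sorted((granted_permissions(dumpsys_text) & DANGEROUS) - expected)

# Constructed sample of dumpsys output, not captured from a real device.
SAMPLE = """Packages:
  Package [com.example.game] (constructed):
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true
      android.permission.RECORD_AUDIO: granted=true
      android.permission.READ_CALL_LOG: granted=false
      android.permission.READ_CONTACTS: granted=true
"""

if __name__ == "__main__":
    for perm in unexpected_dangerous(SAMPLE):
        print("review:", perm)
```

A non-empty result is a prompt to inspect where the app came from, not proof of infection on its own.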

However, don’t be fooled into thinking this was the ONLY infected Pokémon GO app. There are other apps related to Pokémon GO that aid your Pokémon-catching adventures so you can progress faster in the game…

As I mentioned before, the Pokémon GO app itself might be safe now if you get it from the App Store or Google Play store, but a few apps have been created to aid or enhance the main Pokémon GO app. Apps on the Google Play store such as “Pokémon Go Ultimate,” “Guide & Cheats for Pokémon GO,” and “Install Pokémongo” were found to be malicious. Though these apps were removed from the Google Play store after being spotted by security researchers at ESET Mobile Security, they were still downloaded and used.

“Pokémon Go Ultimate” would lock users out of their phone and the only way to fix this was to remove the battery and uninstall from Android’s settings afterwards. Unless it was uninstalled, the app would still run in the background and click on ads.

Other apps would make false promises for generating in-game content, but instead would send fraudulent pop-ups or download other apps and scams.

You should always remain vigilant when installing apps or software from third-party sites (more often than not, it is best to just not install them), and if something seems too good to be true on the Google Play store, approach it with caution. More and more infected or fake apps are tricking users into downloading them.

The main point is that with popularity, growth, and an audience, any company will have a larger bullseye painted on them by hackers. At this point, it’s almost expected that every company will eventually face some sort of cyber threat.

If you have concerns about your company’s ability to ward off threats and be protected, please give us a call. We can help.