Hackers are already using Pokemon Go to infect Android devices with malware


Pokemon Go may already be the most popular game ever created for a smartphone but those who are unable to wait for its official release in Thailand and have resorted to downloading it from unofficial third party app stores could be unnecessarily putting themselves at risk.

Cyber security firm Proofpoint has warned people that they could potentially become a victim of cyber crime after it discovered copycat apps of the game that had been infected with malware.

The apps, which are available to download via unofficial Android app stores contain a strain of malware that could give hackers remote access to your phone.

The malicious app installs a tool called Droidjack onto your phone. Hackers can then use this to take control of the device and harvest any of your personal data such as passwords, credit card details and photos.

Some users are so desperate to play Pokemon Go that they have been downloading an APK and manually installing the app on their Android device, prior to the official release in their country.

However, doing this means that they are likely to have downloaded it outside of the Google Play Store, which increased the chances of a device being infected with malware or other viruses.

Proofpoint warned against downloading a Pokemon APK, saying: “should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised.”

If you are concerned you may have downloaded a malicious version of Pokemon Go, Proofpoint says you can look at the hash number of the APK file.

“The legitimate application that has been often linked to by media outlets has a hash of 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67, although it is possible that there are updated versions already released. The malicious APK that we analyzed has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4.

“Installing apps from third-party sources, other than officially vetted and sanctioned corporate app stores, is never advisable.

“Cybercriminals can take advantage of the popularity of applications like Pokémon GO to trick users into installing malware on their devices.”

While no official release date of the game has been announced for Thailand, its makers has said it will be released in the UK and Japan “in a couple of days”.



Comments are closed.