If you’ve been itching to play Pokemon Go from The Pokemon Company, Niantic Labs and Nintendo, but the game isn’t available in your region… do not download the app’s APK file from any third-party source; install it only through the official distribution channels.
Proofpoint has reportedly come across a remote access trojan tucked away inside a Pokemon Go APK that was distributed by a third party. Some people are posting the game on torrent or warez sites, hoping to get it out to others who live in regions where the game is not yet available.
According to Proofpoint…
“[…] researchers discovered an infected Android version of the newly released mobile game Pokemon GO [1]. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone.”
The report notes that the file was uploaded on July 7th, shortly after the game was released in New Zealand and Australia. The APK was laced with the DroidJack RAT; the researchers found a reference inside the file to “net.droidjack.server”.
Additionally, they noted that the infected version of Pokemon Go requests a very different set of permissions on your phone compared to the standard version of the game. They released comparison images, with the one on the left showing the original official app and the one on the right showing the infected app.
Notice that the one on the right accesses more than it should, including your start-up apps, your Wi-Fi connections, the ability to change how your phone connects to a network, and, most dangerous of all, the ability to retrieve apps without your permission.
This is a very dangerous RAT and has been labeled in the past by the likes of Kaspersky and Symantec – amongst others – as a tool used to control and take over phones.
If you were one of the unlucky ones to download Pokemon Go from an unofficial source, be sure to head into your phone’s settings, go into the apps section and then check the permissions granted to Pokemon Go to see whether it accesses your phone’s features like the image on the left or the image on the right. If it has permission to access things like your Wi-Fi connection or start-up apps, you have the version with the DroidJack RAT on it, and it would be best to remove that version of Pokemon Go as quickly as possible.
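The two checks described above (the “net.droidjack.server” reference inside the file, and the extra permissions the infected build requests) can be automated on a desktop before an APK is ever installed. The script below is an added example and is not code from the article, from Proofpoint, or from the game’s publishers. It treats the APK as the ZIP archive it is and byte-scans each entry for the indicator string; DEX class descriptors use slashes rather than dots, so both forms are checked. The permission lists, the stand-in APK contents, and the mapping from the article’s descriptions (start-up apps, Wi-Fi, network changes) to Android permission names are constructed assumptions for illustration; the real official permission list is not on the page.

```python
"""Added example, not from the article or Proofpoint: defender-side checks on a
sideloaded APK. An APK is a ZIP archive, so a class name such as the page's
"net.droidjack.server" survives as a plain byte string inside classes.dex and can be
found without decompiling anything. The permission diff compares a baseline (the
official build) against the suspect build and flags the extras."""
import io
import zipfile

# Indicator from the article, in dotted form and in the slash form used by DEX
# class descriptors (e.g. "Lnet/droidjack/server/...;").
DROIDJACK_INDICATORS = (b"net.droidjack.server", b"net/droidjack/server")

# ASSUMPTION: mapping of the article's descriptions to the usual Android
# permission names for those features. These constants are real Android
# permissions; the claim that the trojan requested exactly these is not on the page.
HIGH_RISK = {
    "android.permission.RECEIVE_BOOT_COMPLETED": "runs at start-up",
    "android.permission.ACCESS_WIFI_STATE": "reads Wi-Fi connections",
    "android.permission.CHANGE_WIFI_STATE": "changes Wi-Fi connections",
    "android.permission.CHANGE_NETWORK_STATE": "changes how the phone connects to a network",
}


def scan_apk_for_indicators(apk_bytes, indicators=DROIDJACK_INDICATORS):
    """Return {entry_name: [matched indicator, ...]} for every archive entry whose
    raw bytes contain one of the indicator strings. Empty dict means no hit."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info.filename)
            found = [ind.decode() for ind in indicators if ind in data]
            if found:
                hits[info.filename] = found
    return hits


def extra_permissions(baseline, suspect):
    """Permissions the suspect build requests that the baseline build does not,
    each paired with a risk note (or a prompt to review it manually)."""
    extras = sorted(set(suspect) - set(baseline))
    return {p: HIGH_RISK.get(p, "unexpected, review manually") for p in extras}


def build_sample_apk(extra_dex_bytes=b""):
    """CONSTRUCTED stand-in for an APK: a ZIP with a manifest placeholder and a
    fake classes.dex. A real classes.dex is a binary format; only the embedded
    string matters for the scan above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<placeholder for binary XML>")
        zf.writestr("classes.dex",
                    b"dex\n035\x00" + b"Lcom/example/game/MainActivity;" + extra_dex_bytes)
    return buf.getvalue()


# CONSTRUCTED sample permission lists; the official list is not given on the page.
OFFICIAL_PERMS = [
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
]
SUSPECT_PERMS = OFFICIAL_PERMS + [
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.CHANGE_WIFI_STATE",
    "android.permission.READ_SMS",
]


def assess(apk_bytes, baseline, suspect):
    """Combine both checks into one verdict dict."""
    hits = scan_apk_for_indicators(apk_bytes)
    extras = extra_permissions(baseline, suspect)
    return {"indicator_hits": hits, "extra_permissions": extras,
            "suspicious": bool(hits) or any(p in HIGH_RISK for p in extras)}


if __name__ == "__main__":
    clean = build_sample_apk()
    trojanized = build_sample_apk(b"\x00Lnet/droidjack/server/Connector;")
    print("clean build:", assess(clean, OFFICIAL_PERMS, OFFICIAL_PERMS))
    print("suspect build:", assess(trojanized, OFFICIAL_PERMS, SUSPECT_PERMS))
```

On a real device the baseline list is what the Play Store build declares; on a desktop, `aapt dump permissions app.apk` or any manifest decoder gives the same list for both files, and the scan function above accepts the raw bytes of either APK unchanged.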