Pokémon Droidjack

Massive hit app attracts the bad guys

All of a sudden, Pokémon Go is everywhere! It's bigger than Tinder and about to topple Twitter in the number of daily users.

This is fantastic news for Nintendo, whose fortunes have been flagging recently and which badly needed the shot in the arm this game has given it. However, as with anything in the app world, such a massive user base quickly attracts the malware crowd too, and they have been quick to jump on the craze: a tampered version for Android has been found in the wild.

The APK discovered contained the "DroidJack" remote access tool (RAT), which gives the attacker complete control over the victim's smartphone or tablet. It was first identified by researchers at Proofpoint.

Users dropping their guard

There was so much hype surrounding this game that users in countries where it wasn't available were throwing caution to the wind and passing the APK around using shared online storage and messaging attachments. Everyone knows, or should know, that the first line of defense against malware is to install apps only from an official app store. It seems the desire to get the game meant this advice wasn't heeded, and that's when the malware authors saw their chance. Google has confirmed the Play Store version of the app does not contain malware.

The infected version of the APK was discovered only 72 hours after its release on July 4th.

The nature of the game is such that malware isn't the only thing users need to worry about. It is designed to get them out and about, hunting for Pokémon by following clues on maps. Criminals also picked up on this aspect by luring victims to remote areas before robbing them. The BBC reports:

It is believed these suspects targeted their victims through the Pokemon Go smartphone application. Apparently they were using the app to locate people standing around in the middle of a parking lot or whatever other location they were in.


Real world

The compromised version analyzed looks and behaves just like the real app, but requests extra permissions and has malicious code added to it. These are permissions an excited player would likely wave through during the install process, such as the ability to make phone calls and send text messages. The end result is an application on their Android device that can take control of it.
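One defender-side check this suggests: diff the permissions declared in a sideloaded APK's manifest against the store build's and flag any high-risk additions. The script below is an added example, not code from the article or from Proofpoint; it assumes both manifests have already been decoded to plain XML (the two samples are constructed), and the watchlist extends the call and SMS permissions the text mentions with two more of my own choosing.

```python
import xml.etree.ElementTree as ET
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions a RAT needs for the capabilities the article names (calls, SMS),
# plus two more chosen here as an assumed watchlist.
HIGH_RISK = {
    "android.permission.CALL_PHONE",
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.RECORD_AUDIO",
}

# Constructed sample manifests standing in for decoded AndroidManifest.xml
# files (e.g. from apktool) of the store build and a sideloaded build.
LEGIT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""

def declared_permissions(manifest_xml):
    """Set of android:name values from every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def permission_diff(reference_xml, suspect_xml):
    """Compare a known-good manifest with a suspect build; a non-empty
    high_risk_added list is the repackaging signal to act on."""
    ref, sus = declared_permissions(reference_xml), declared_permissions(suspect_xml)
    added = sus - ref
    same_pkg = (ET.fromstring(reference_xml).get("package")
                == ET.fromstring(suspect_xml).get("package"))
    return {
        "same_package": same_pkg,
        "added": sorted(added),
        "removed": sorted(ref - sus),
        "high_risk_added": sorted(added & HIGH_RISK),
    }
```

Run against the two samples it reports CALL_PHONE, RECEIVE_SMS and SEND_SMS as high-risk additions under an identical package name, which is exactly the pattern of a repackaged app.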

DroidJack, repurposed

DroidJack is actually an old strain of malware.

Proofpoint said on their blog:

Cybercriminals can take advantage of the popularity of applications like Pokémon Go to trick users into installing malware on their devices. Bottom line, just because you can get the latest software on your device does not mean that you should. Instead, downloading available applications from legitimate app stores is the best way to avoid compromising your device and the networks it accesses.