Looking To Catch ’em All In Pokemon Go, Beware Of Malicious Apps For Android

The story begins with a malicious Pokemon Go app that installs a backdoor for hackers on Android devices. Researchers are warning would-be Pokemon Trainers that a malicious, backdoored version of the massively popular game Pokemon Go could be making the rounds soon.

The sample is an Android APK of the game that has been rigged with a remote access tool (RAT) called Droidjack which, if installed, could essentially give an attacker complete access to a victim’s phone.


Pokemon Go, an augmented reality game based around the 20-year-old Nintendo media franchise, hasn’t even been out in the US for a week yet, but it has already taken such a big place in mobile gaming that its servers have been repeatedly bogged down. More surprisingly, the game has apparently already added nearly 1.1 billion dollars to the value of Nintendo, the app’s owner alongside Niantic, since it was released for download.

Researchers with the firm Proofpoint warn that while the APK hasn’t been spotted in the wild yet, it has been seen on malicious file repositories, meaning that it could only be a matter of time until it spreads online.

Niantic Inc, the software company that created the game with Nintendo, has paused the game’s worldwide rollout. Currently the game is only available in the United States, Australia, and New Zealand, meaning users in other regions may be more tempted to sideload APKs of the Pokemon Go game from illegitimate channels.

The researchers also claim that the backdoored Pokemon Go app communicates with a command and control domain hosted on a dynamic IP address in Turkey. Dynamic IP space of that kind can be used for botnets, spamming, and other malicious activity. With that said, in this case the domain is hosted on No-IP.org, a site cybercriminals have used in the past to obscure malware operations.

Here is how to check whether this malicious app has hit your device. To verify whether or not a sideloaded version of the game is infected, simply go to the app’s “Permissions” settings. The malicious APK asks to be able to view Wi-Fi connections, to connect and disconnect from wireless networks, to change network connectivity, and to retrieve information on running apps.
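The same check can be run against an APK file before it is installed. The block below is an added example, not code from Proofpoint or the original article: it parses the output of `aapt dump permissions <apk>` and reports which of the four permissions named above the APK requests. The mapping from the article's wording to Android manifest constants, the function names and the sample output are assumptions made for illustration.

```python
import re

# Permissions the article lists for the backdoored APK. Mapping the article's
# settings-screen wording to these manifest constants is an assumption.
LISTED = {
    "android.permission.ACCESS_WIFI_STATE": "view Wi-Fi connections",
    "android.permission.CHANGE_WIFI_STATE": "connect and disconnect from Wi-Fi",
    "android.permission.CHANGE_NETWORK_STATE": "change network connectivity",
    "android.permission.GET_TASKS": "retrieve running apps",
}

# aapt prints either  uses-permission: name='X'  or  uses-permission: X
_LINE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")


def parse_permissions(aapt_output):
    """Return the set of permission names in `aapt dump permissions` output."""
    perms = set()
    for line in aapt_output.splitlines():
        match = _LINE.match(line)
        if match:
            perms.add(match.group(1))
    return perms


def listed_permissions(aapt_output, known_good=frozenset()):
    """Map each article-listed permission the APK requests to its label.

    known_good: permissions requested by a copy from the official store,
    if one is available; anything it also requests is not reported.
    """
    requested = parse_permissions(aapt_output) - set(known_good)
    return {p: LISTED[p] for p in sorted(requested) if p in LISTED}


# Constructed sample output, not taken from a real APK.
SAMPLE = """\
package: com.example.sideloaded
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_WIFI_STATE'
uses-permission: android.permission.CHANGE_WIFI_STATE
uses-permission: name='android.permission.CHANGE_NETWORK_STATE'
uses-permission: name='android.permission.GET_TASKS'
uses-permission: name='android.permission.CAMERA'
"""

if __name__ == "__main__":
    for perm, label in listed_permissions(SAMPLE).items():
        print(f"{perm}: {label}")
```

Legitimate apps request these permissions too, so passing the permission set of a copy from the official store as `known_good` narrows the report to what the sideloaded file adds.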

The infected Pokemon Go’s startup screen is identical to that of the real game, so the screen alone will not reveal that your Android device has been attacked.

Finally, it’s a scary proof of concept.

“Even though this APK has not been observed in the wild, it represents an important proof of concept: namely, that cybercriminals can take advantage of the popularity of applications like Pokemon GO to trick users into installing malware on their devices,” Proofpoint’s blog reads.

Update x1: Germany is now the first country in Europe to get Pokemon Go. The game is now available on the German versions of both the Android Play Store and iOS App Store.
