Android users warned of malicious Pokémon Go app

Security researchers at Proofpoint have discovered a malicious Pokémon Go app that installs a backdoor on Android devices:

Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone.

The malicious app hasn’t sneaked its way onto the official Google Play store, so any victims would need to install it from an unofficial third-party store.

Although Proofpoint says that it hasn’t seen any reports of the malicious app infecting users in the wild, the current mania for Pokémon Go (its international roll-out is apparently being “paused” while Nintendo wrestles with its overloaded servers) may mean that there are some avid gamers who could put themselves at risk.

Sign up to our free newsletter.
Security news, advice, and tips.

The official Android Google Play store doesn’t have a spotless record when it comes to keeping malware out, but it certainly appears to do a better job than many of the unpoliced unofficial Android app stores out there.

If you’re an Android user and care about your security and privacy, only download apps from a legitimate store and always pay attention to the permissions they request.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.