Security researchers at Proofpoint have discovered a malicious Pokémon Go app that installs a backdoor on Android devices:
Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone.
The malicious app hasn’t sneaked its way onto the official Google Play store, so any victims would need to install it from an unofficial third-party store.
Although Proofpoint says that it hasn’t seen any reports of the malicious app infecting users in the wild, the current mania for Pokémon Go (its international roll-out is apparently being “paused” while Nintendo wrestles with its overloaded servers) may mean that there are some avid gamers who could put themselves at risk.
The official Android Google Play store doesn’t have a spotless record when it comes to keeping malware out, but it certainly appears to do a better job than many of the unpoliced unofficial Android app stores out there.
If you’re an Android user and care about your security and privacy, only download apps from a legitimate store and always pay attention to the permissions they request.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.