Android users warned of malicious Pokémon Go app

Security researchers at Proofpoint have discovered a malicious Pokémon Go app that installs a backdoor on Android devices:

Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone.

The malicious app hasn’t sneaked its way onto the official Google Play store, so any victims would need to install it from an unofficial third-party store.

Although Proofpoint says that it hasn’t seen any reports of the malicious app infecting users in the wild, the current mania for Pokémon Go (its international roll-out is apparently being “paused” while Nintendo wrestles with its overloaded servers) may mean that there are some avid gamers who could put themselves at risk.

Sign up to our free newsletter.
Security news, advice, and tips.

The official Android Google Play store doesn’t have a spotless record when it comes to keeping malware out, but it certainly appears to do a better job than many of the unpoliced unofficial Android app stores out there.

If you’re an Android user and care about your security and privacy, only download apps from a legitimate store and always pay attention to the permissions they request.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.