
Researchers find remote access tool in modified Pokémon Go APK

Researchers have found a malware-infected version of Pokémon Go for Android, which has the potential to infect the phones of those looking to download the game outside of Google Play. A particular Pokémon Go APK seems to have been modified to include the so-called DroidJack malicious remote access tool (RAT), also known as SandroRAT. The tool could allow an attacker to gain access to your phone.

From Proofpoint:

In this case, Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim's phone.

After side-loading the APK, the version of Pokémon Go that a person sees appears identical to the uninfected version. Under the surface, however, the malicious app requests many additional permissions and can compromise your phone. Researchers note that if an infected phone were taken onto a corporate network, other devices attached to that network may also be at risk. Thankfully, Proofpoint also says that, to its knowledge, this APK has not yet been seen in the wild, despite numerous websites hosting Pokémon Go APKs for people to side-load.

So while Pokémon Go's staged rollout may be making you impatient, it's worth waiting for it to show up in Google Play in your country, rather than attempting to grab it through unofficial means and potentially get bitten by a malicious version. (This is just generally good advice, Pokémon Go or otherwise.) If you side-loaded the APK before it was widely available, we recommend you review the permissions of your app, or uninstall it altogether in order to receive the proper version from Google Play.
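One practical way to do the permission review the article recommends is to compare what a side-loaded APK requests against the permission list of the known-good Play Store build. The script below is an added example, not code from the article or from Proofpoint; it assumes the text format of `aapt dump permissions` and uses a constructed baseline and a constructed dump in which the extra permissions mimic what a bolted-on RAT would need.

```python
import hashlib
import re

# Constructed baseline: permissions the legitimate build is known to request.
# For a real check, take this list from the app's Google Play listing.
BASELINE_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.CAMERA",
    "android.permission.VIBRATE",
}

# Constructed sample of `aapt dump permissions <apk>` output for a side-loaded build.
# Both the name='...' form and the bare-name form aapt has emitted are handled.
SAMPLE_AAPT_OUTPUT = """\
package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.VIBRATE
"""

_PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?\s*$", re.MULTILINE)


def parse_aapt_permissions(dump: str) -> set:
    """Extract permission names from `aapt dump permissions` text."""
    return set(_PERM_RE.findall(dump))


def unexpected_permissions(dump: str, baseline=BASELINE_PERMISSIONS) -> set:
    """Permissions the APK requests that the known-good build does not.
    A RAT grafted onto a game typically shows up here (audio, SMS, contacts)."""
    return parse_aapt_permissions(dump) - set(baseline)


def apk_sha256(path: str) -> str:
    """SHA-256 of the APK file, for comparison with a hash a trusted source publishes."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for perm in sorted(unexpected_permissions(SAMPLE_AAPT_OUTPUT)):
        print("not in baseline:", perm)
```

Run `aapt dump permissions your.apk` on the side-loaded file and feed that text to `unexpected_permissions`; anything it returns deserves an explanation before you keep the app installed.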

22 Comments
  • Glad I waited. People were posting links from all over the place when the game was released. Though, what is a non-shady source? Like I know a ton of people use APKMirror. I assume that's safe but I have no way of knowing.
  • See my reply below re: APK from APK Mirror.
  • An APK from a non-official source is compromised???? I'm shocked!
  • Shady unofficial sources, what a surprise. Posted via the Android Central App
  • And serves them right. Can't help but to usher a big, loud "TOLD YOU SO!"
  • Hope people learn. That's a nasty one. Avoid sideloading unless absolutely necessary and from a trusted source Posted via the Android Central App
  • It would be interesting if the app from APK Mirror was infected. Hopefully not. I'm glad I waited too. I heard about the ban rumors but also figured the U.S. version would be out quick, and it was. Posted via the Android Central App
  • That's why you gotta tread with caution with those APKs. Posted via the Android Central App
  • This malware was first discovered in Brazil; my Brazilian cousin talked with me about this malware yesterday.
  • Thanks, it's uploading now to APK Mirror, will keep you posted
  • I used APKMirror to download it when it released first outside the US, but just in case, I deleted it and downloaded it from the Play Store. It's bad to hear this sort of thing, but I'm glad it's been caught. Posted via the Android Central App
  • Honestly.....I can't blame the individuals who do this stuff....Pokemon has A LOT of popularity and fans....it was perfect. Posted via the Android Central App
  • By individuals, I mean the culprits of the malware. Posted via the Android Central App
  • Worse thing is, nobody will learn anything from this. Posted via the Android Central App
  • Nope. They won't. People will keep clicking blindly on things they don't understand, sideloading stuff and visiting shady sites. Opening files from senders they don't know. Or giving all their details to supposed financial institutions / sites that claim you have won / inherited millions... Etc etc etc...
  • I'm still waiting for the game to be playable in Singapore on either Android or iOS :/
  • I sideloaded it from APK Mirror. Hopefully it's safe. Posted via the Android Central App
  • Is the APK Mirror APK safe or not? Posted via the Android Central App
  • It is safe. It's really the only site that I trust if I can't get an app because of region restriction, like HTC Sense Home and Nokia Z Launcher. It checks the APK signature and is hosted by AP, which is a trusted Android news site. Posted via the Android Central App
  • thanks for the apt
  • I have a suspicion that these are all created by antivirus companies so they justify their existence to home users lol
  • I have a Nexus 7 tablet that isn't supported and I cannot install the game directly from Google Play. That forces myself and many others to try and find a suitable APK to sideload. If they made this APK available to download, even if they don't think that your tablet is compatible, that would remove the entire malware issue. As of now, we have no other alternative if we wish to play the game.