Researchers find remote access tool in modified Pokémon Go APK

Researchers have found a malware-infected version of Pokémon Go for Android, which has the potential to infect the phones of those looking to download the game outside of Google Play. A particular Pokémon Go APK seems to have been modified to include the so-called DroidJack malicious remote access tool (RAT), also known as SandroRAT. The tool could allow an attacker to gain access to your phone.

From Proofpoint:

In this case, Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim's phone.

After side-loading the APK, the version of Pokémon Go that a person sees appears identical to the uninfected version. Under the surface, however, the malicious app grants itself loads of additional permissions and can compromise your phone. Researchers note that if an infected phone were taken onto a corporate network, other devices attached to that network may also be at risk. Thankfully, Proofpoint also says that to its knowledge this APK has not yet been seen in the wild, despite numerous websites hosting Pokémon Go APKs for people to side-load.

So while Pokémon Go's staged rollout may be making you impatient, it's worth waiting for it to show up in Google Play in your country, rather than attempting to grab it through unofficial means and potentially get bitten by a malicious version. (This is just generally good advice, Pokémon Go or otherwise.) If you side-loaded the APK before it was widely available, we recommend you review the permissions of your app, or uninstall it altogether in order to receive the proper version from Google Play.
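One practical way to do that permission review, as an added example that is not part of the article or Proofpoint's research: dump the manifest of both the Play Store build and the side-loaded APK with `aapt dump badging` (Android SDK build-tools), then diff the permission lists. The package name and permission sets below are constructed for illustration, not taken from the real game.

```python
"""Compare the permissions a side-loaded APK requests with those of a
known-good build, using the text produced by `aapt dump badging`."""
import re

# Matches both `uses-permission: name='X'` (recent aapt) and the older
# `uses-permission:'X'` form, plus the `package: name='X'` line.
BADGING_LINE = re.compile(r"^(package|uses-permission):\s*(?:name=)?'([^']+)'")

def parse_badging(text):
    """Return (package_name, set_of_permissions) from aapt badging output."""
    package, perms = None, set()
    for line in text.splitlines():
        m = BADGING_LINE.match(line.strip())
        if not m:
            continue
        kind, name = m.groups()
        if kind == "package":
            package = name
        else:
            perms.add(name)
    return package, perms

def compare_apks(known_good, sideloaded):
    """Report permissions present only in the side-loaded build, plus a
    package-name mismatch; extra permissions are the tell-tale of a
    repackaged APK carrying something the original never asked for."""
    good_pkg, good_perms = parse_badging(known_good)
    side_pkg, side_perms = parse_badging(sideloaded)
    return {
        "package_mismatch": good_pkg != side_pkg,
        "added": sorted(side_perms - good_perms),
        "removed": sorted(good_perms - side_perms),
    }

# Constructed sample aapt output (hypothetical package, illustrative permissions).
KNOWN_GOOD = """package: name='com.example.game' versionCode='1' versionName='0.29.0'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
"""
SIDELOADED = KNOWN_GOOD + """uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_CONTACTS'
"""

if __name__ == "__main__":
    report = compare_apks(KNOWN_GOOD, SIDELOADED)
    for perm in report["added"]:
        print("extra permission in side-loaded APK:", perm)
```

Any permission that appears only in the side-loaded build, or a package name that does not match the Play listing, is reason enough to uninstall and wait for the official release.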

Joseph Keller