Infracore LLC Blog

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it - a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect is simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices - a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allowed remote access to the device, and can provide full control over the victim’s phone. In worst-case scenarios, this vulnerability extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission request, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

New High Score for Microsoft: More Than 44% of All...
Tip of the Week: Why You Should Rethink Routinely ...
 

Comments 1

Maria Albert on Tuesday, 26 September 2017 23:37

Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these kinds of post. But really after long time I reached a site which provided me tremendous information as I all the time try to get. Now I can move on towards my pending task of searching elite mobile games development company UK. And absolutely would like to comeback on this soon as soon as getting my project.

Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these kinds of post. But really after long time I reached a site which provided me tremendous information as I all the time try to get. Now I can move on towards my pending task of searching elite [url=https://www.ingic.uk/mobile-games/]mobile games development company UK[/url]. And absolutely would like to comeback on this soon as soon as getting my project.
Already Registered? Login Here
Guest
Saturday, October 20 2018

Captcha Image

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Cloud Business computing Network Security Malware Hackers Google Microsoft Software Innovation Internet Data Hardware Tech Term Backup Smartphones Email Windows 10 Browser Hosted Solutions Business Continuity Business Computer VoIP Android Mobile Devices User Tips Alert Workplace Tips Data Backup IT Services Managed IT Services Small Business Productivity Miscellaneous Communications Smartphone Office Ransomware Outsourced IT Business Management Computers Disaster Recovery Cloud Computing Artificial Intelligence Efficiency Data Recovery Communication Law Enforcement Cybercrime Windows 10 Facebook Virtualization Windows How To Internet of Things Productivity Network Money Passwords Telephone Systems Router Social Media Chrome Collaboration Cybersecurity Managed IT Services Password Applications Quick Tips Saving Money Upgrade Work/Life Balance Server Health App Gadgets Social Engineering Office 365 Automation Connectivity Information Mobile Device Management Apps Bring Your Own Device HaaS Save Money Office Tips Phishing IT Support Holiday Word Data Protection IT Support Data Security Microsoft Office Keyboard Private Cloud Hacking Two-factor Authentication Wi-Fi Scam Data Breach Vulnerability Spam Google Drive BYOD Computer Care Data Management Data Storage Paperless Office End of Support VPN OneNote Electronic Medical Records Mobile Device History Samsung Redundancy Managed Service Bandwidth IT Management Fraud Training Marketing Virtual Assistant Avoiding Downtime BDR Entertainment Spam Blocking Battery Comparison USB Value Website PDF CES Firewall Networking IT Plan Telephone System Sports Operating System Employer-Employee Relationship Remote Computing Managed Service Provider Content Management Unsupported Software Charger Government Patch Management Flexibility Remote Monitoring Managed IT Business Intelligence Blockchain Legal Cleaning Update Public Cloud Mobility Automobile Identity Theft Worker Windows 7 Encryption Settings Infrastructure Big Data Skype Multi-Factor Security HIPAA Remote Worker Network Congestion Best Practice Emails Files Evernote Music Servers Flash Hybrid Cloud Criminal Transportation Safety Data storage Credit Cards Politics Inventory Rootkit Solid State Drive Password Manager Books Safe Mode Assessment Techology Users Meetings Travel Workforce Wireless Internet Employer Employee Relationship Warranty Information Technology Frequently Asked Questions Start Menu Trending Human Resources Wiring IT Consultant Content Wireless Charging Wearable Technology HVAC Devices Audit Apple Google Docs Benefits Machine Learning Access Control Search Internet exploMicrosoft Business Mangement Television Virtual Reality Wire Accountants Computer Accessories Printer Instant Messaging Excel Tools Staff Unified Threat Management Leadership Video Games Audiobook IT solutions Physical Security Cortana Enterprise Content Management Thought Leadership Computer Fan Sync iPhone MSP Amazon YouTube Authentication Vendor Management How to Advertising Gmail Emergency Public Computer Worker Commute Data loss Telecommuting Bluetooth Mouse Tip of the week Education Downtime Specifications Save Time Mobile Computing Relocation User Error Google Apps Troubleshooting Password Management Loyalty The Internet of Things Voice over Internet Protocol Smart Technology File Sharing Current Events webinar Amazon Web Services Nanotechnology Black Market Recovery Recycling Screen Mirroring Monitor Remote Work Smart Office Practices Windows 10s Windows Server 2008 Computing Infrastructure Root Cause Analysis Digital Signature Camera Scalability HBO Workers NIST Addiction SaaS FENG Telephony Two Factor Authentication Augmented Reality Knowledge Conferencing Software Tips Online Shopping Experience Smart Tech eWaste Cast Risk Management Document Management Hosted Computing Wireless Botnet Millennials Hiring/Firing Outlook Humor Internet Exlporer Cryptocurrency Cache WiFi Webinar CrashOverride Thank You Congratulations Twitter Company Culture Compliance Administrator Managing Stress Regulation Printers

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

JeffreyKGuertin Tech Term: Modems and Routers Defined
18 October 2018
Thank you so much for defining here the modems and routers to give us better information about this....
Shay Stuart How the Convenience of The Internet of Things Can Come Back to Bite Us
17 October 2018
This is a very important share that delivers facts about the utilization of internet tools in differ...
Isla Tait It Pays to Outsource Your IT
15 October 2018
New IT project that show us a new outcome that has been to prepare this setup that was god to know o...
ClarenceEHaynes 11 Ways to Enhance Android Security
15 October 2018
I really impressed from your working, after reading this 11 ways to enhance android security and dis...
technicalsupport VoIP Delivers Benefits That a Traditional Phone System Can’t
13 October 2018
http://Www.Office.Com/Setup | Microsoft http://Office.Com/Setup :- Office setup suite is an importan...