Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it - a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect is simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices - a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allowed remote access to the device, and can provide full control over the victim’s phone. In worst-case scenarios, this vulnerability extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission request, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

 

Comments 1

Maria Albert on Tuesday, 26 September 2017 23:37

Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these kinds of post. But really after long time I reached a site which provided me tremendous information as I all the time try to get. Now I can move on towards my pending task of searching elite mobile games development company UK. And absolutely would like to comeback on this soon as soon as getting my project.

Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these kinds of post. But really after long time I reached a site which provided me tremendous information as I all the time try to get. Now I can move on towards my pending task of searching elite [url=https://www.ingic.uk/mobile-games/]mobile games development company UK[/url]. And absolutely would like to comeback on this soon as soon as getting my project.
Already Registered? Login Here
Guest
Wednesday, August 15 2018

Captcha Image

Tag Cloud

Tip of the Week Security Technology Privacy Best Practices Cloud Business computing Google Software Microsoft Malware Network Security Backup Hackers Hardware Innovation Windows 10 Tech Term Internet Data Android Business Email Smartphones Hosted Solutions Business Continuity Browser Managed IT Services VoIP Alert Small Business Data Backup Smartphone Business Management Ransomware Office Cloud Computing Outsourced IT Mobile Devices User Tips Computers Disaster Recovery Computer Miscellaneous IT Services Productivity Efficiency Cybercrime Law Enforcement Communications Collaboration Cybersecurity Artificial Intelligence Chrome Router Productivity Data Recovery Money Passwords Managed IT Services Social Media Password Facebook Virtualization Windows Telephone Systems How To Network Upgrade App Internet of Things Health Communication Office 365 Gadgets Social Engineering Work/Life Balance Quick Tips Office Tips Connectivity IT Support Phishing Data Breach Microsoft Office IT Support Data Security Hacking Word Wi-Fi Private Cloud Data Protection Applications Vulnerability Bring Your Own Device Spam Windows 10 Workplace Tips Two-factor Authentication Apps Google Drive Automation Holiday Mobile Device Management HaaS Saving Money Keyboard Charger Battery Redundancy IT Management End of Support Spam Blocking Patch Management Server Avoiding Downtime History Paperless Office VPN Information Cleaning Remote Computing IT Plan Worker Operating System Scam PDF BDR Big Data Flexibility Comparison Computer Care Unsupported Software Website CES Legal Remote Monitoring Managed Service Provider Mobility Automobile Managed IT Government Samsung Electronic Medical Records Content Management Windows 7 Bandwidth Data Management Entertainment BYOD Public Cloud Business Intelligence USB Value Save Money Blockchain Networking Mobile Device Data Storage Marketing Identity Theft Update OneNote Infrastructure Employer-Employee Relationship Multi-Factor Security HIPAA Cryptocurrency Audit Evernote Smart Technology Current Events Video Games Audiobook How to Servers Excel Credit Cards Inventory Criminal IT solutions Physical Security Apple Workforce SaaS Worker Commute Tools Password Manager Trending Human Resources Experience Education Safe Mode Computer Fan Sync Wireless Charging Devices Two Factor Authentication Knowledge Wireless Internet Internet exploMicrosoft Risk Management Black Market HVAC Tip of the week Fraud Access Control Data loss Google Docs Machine Learning iPhone Accountants Managed Service Downtime Business Mangement Hiring/Firing Advertising Staff Music Computing Infrastructure Virtual Assistant The Internet of Things Cortana Thought Leadership Network Congestion Scalability Wire webinar Politics Rootkit Enterprise Content Management Windows 10s Windows Server 2008 Amazon Authentication Transportation Safety Screen Mirroring Relocation User Error YouTube HBO Telecommuting Books Assessment MSP Root Cause Analysis Gmail Employer Employee Relationship Wireless Software Tips Specifications Wearable Technology Telephone System FENG Telephony Monitor Google Apps IT Consultant Sports Conferencing Voice over Internet Protocol Training Password Management Amazon Web Services Nanotechnology Benefits Best Practice Cast Settings Outlook Remote Work Practices Television File Sharing Botnet Recovery Recycling Computer Accessories Emails Digital Signature Techology Users Skype Workers Addiction Leadership Information Technology Smart Office Vendor Management NIST Solid State Drive Flash Online Shopping Smart Tech Firewall Content Humor Internet Exlporer Bluetooth Search Frequently Asked Questions Hosted Computing Emergency Public Computer Meetings Travel Files eWaste Hybrid Cloud Millennials Encryption Troubleshooting Loyalty Virtual Reality Start Menu Data storage Cache Save Time Instant Messaging Document Management WiFi CrashOverride Thank You Congratulations Twitter Company Culture Compliance Managing Stress Augmented Reality Webinar Regulation

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

JeffereyANoah 5 Useful Cloud Apps for Small Businesses
15 August 2018
Sharing these type stuff is very useful and hope you will provide us more like this one. I come here...
Jared Albert VoIP Delivers Benefits That a Traditional Phone System Can’t
13 August 2018
A traditional telephone system is installed for the happiness of the people. Majority of the concern...
Meredith Maddox Tip of the Week: Tip of the Week: Mirror or Cast Your Android Device’s Screen
08 August 2018
Android mobile phones are top of the list now a days every one wants to buy android phone. It’s a bi...
MarianneJCruz Tip of the Week: Got a Solid State Drive? Here’s How to Take Care of It
31 July 2018
What a review https://www.uk.com/how-do-you-do.html
Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.