Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it - a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect is simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices - a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allowed remote access to the device, and can provide full control over the victim’s phone. In worst-case scenarios, this vulnerability extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission request, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

 

Comments 1

Maria Albert on Tuesday, 26 September 2017 23:37

Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these kinds of post. But really after long time I reached a site which provided me tremendous information as I all the time try to get. Now I can move on towards my pending task of searching elite mobile games development company UK. And absolutely would like to comeback on this soon as soon as getting my project.

Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these kinds of post. But really after long time I reached a site which provided me tremendous information as I all the time try to get. Now I can move on towards my pending task of searching elite [url=https://www.ingic.uk/mobile-games/]mobile games development company UK[/url]. And absolutely would like to comeback on this soon as soon as getting my project.
Already Registered? Login Here
Guest
Monday, June 25 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Privacy Technology Best Practices Cloud Business computing Google Software Microsoft Malware Network Security Hackers Backup Windows 10 Internet Smartphones Business Email Android Managed IT Services Hardware Alert Data Small Business Business Continuity Browser Innovation Hosted Solutions Disaster Recovery Business Management Smartphone Office Computer VoIP Computers Ransomware Outsourced IT User Tips Efficiency Cloud Computing Law Enforcement Tech Term Cybercrime Productivity Communications Telephone Systems Router Productivity Data Backup How To Cybersecurity Artificial Intelligence Collaboration Virtualization Chrome Money Mobile Devices IT Services Office 365 Miscellaneous Upgrade App Passwords Health Data Recovery Communication Password Social Media Internet of Things Managed IT Services Quick Tips Windows Work/Life Balance Facebook Social Engineering Vulnerability Spam Network Data Protection Automation Office Tips Saving Money Mobile Device Management Connectivity Data Security Private Cloud Hacking Holiday Google Drive Windows 10 HaaS Wi-Fi IT Support Two-factor Authentication Workplace Tips Apps Phishing Word Data Breach Bring Your Own Device Windows 7 Samsung Bandwidth Legal BYOD Charger Value Keyboard End of Support Applications Networking Patch Management Business Intelligence Redundancy Cleaning Avoiding Downtime Scam Mobile Device Computer Care VPN Government Remote Monitoring Entertainment Remote Computing Gadgets USB Public Cloud CES Website Marketing Automobile Content Management Update Data Storage OneNote History Data Management IT Management Employer-Employee Relationship Spam Blocking Worker Identity Theft Infrastructure Flexibility Big Data PDF IT Plan Operating System Battery Mobility Electronic Medical Records Server Managed Service Provider Unsupported Software Managed IT Microsoft Office Comparison Vendor Management Authentication Amazon Computing Infrastructure Gmail Humor Botnet Emergency Sports Internet Exlporer Emails Save Time Specifications Flash Solid State Drive Nanotechnology Data storage Amazon Web Services Recycling Travel Meetings Smart Office Digital Signature Best Practice Audit Loyalty Experience Smart Tech Online Shopping Internet exploMicrosoft Users eWaste Current Events Document Management IT solutions Hiring/Firing Content Encryption Millennials Physical Security Sync Computer Fan SaaS Music Search Evernote Paperless Office Advertising Virtual Reality Criminal Data loss Knowledge Transportation IT Support Employer Employee Relationship Wireless Audiobook Video Games Workforce Wireless Charging The Internet of Things Wearable Technology Devices How to Machine Learning Worker Commute Google Docs Screen Mirroring Network Congestion Benefits Computer Accessories Accountants BDR HBO Cortana Telephony FENG Techology Assessment Thought Leadership Black Market YouTube Recovery Cast IT Consultant Firewall Settings Bluetooth Scalability Telecommuting Outlook Google Apps Skype Television Troubleshooting Files Smart Technology Hybrid Cloud Voice over Internet Protocol Leadership Practices Remote Work Frequently Asked Questions Workers Start Menu Public Computer Addiction Two Factor Authentication Blockchain Apple Risk Management Hosted Computing Excel Tools Cache Servers HIPAA iPhone Multi-Factor Security Tip of the week Rootkit Politics Inventory Instant Messaging Credit Cards Password Manager Relocation Downtime Books Wireless Internet User Error webinar HVAC Human Resources Trending Windows Server 2008 Windows 10s Training Access Control Monitor Fraud Education Business Mangement Root Cause Analysis Safety Wire Conferencing Save Money Information Technology Staff Software Tips Password Management Webinar NIST Thank You WiFi Congratulations Twitter Company Culture Managing Stress CrashOverride Enterprise Content Management

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.
Maria Albert Download the Wrong App and Have More Than Pokémon Fever Infect Your Device
26 September 2017
Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these...
nathan dwyer Your Guide To Mobile Device Management as an SMB
07 September 2017
I come here after quite a while since 2016 and entire this term i have miss the chance to get inform...