Security Researchers Warn Against Hacked Pokémon Go APKs

Advertisement
Advertisement

Pokémon Go is the latest 'it' game on mobile platforms right now, but unfortunately, it's not yet officially available in all regions around the world. Although the game's APK file is widely available on the internet to be downloaded and installed on Android devices in a process referred to as 'side-loading', reports from around the world now seem to be suggesting that many are being duped into downloading dubious files from less-than-reputable sites by unscrupulous developers, taking advantage of the wild popularity the game is already enjoying among mobile gaming enthusiasts worldwide. What's really disconcerting is that even those looking to download the app from Google Play are finding it hard to distinguish between a whole gamut of fake apps that apparently are listed with very similar names and icons as the official app from Niantic.

While gamers in countries like the U.S. – where the app is officially available on Google Play – only need to make sure they download it from the official source, users elsewhere, like in Europe, the U.K. and Canada have a tougher task. They'll likely want to get their hands on the all-conquering app right now (and many already have), but because Niantic hasn't officially made it available in these regions as yet, they're having to resort to getting the APK file from various Android APK hosting sites and / or cyber-lockers, many of whom do not perform due diligence before listing such files on their sites.

Advertisement

This has now resulted in malware-infested hacked versions of the game doing the rounds on the internet, and chances are, many unsuspecting users are already falling prey to cybercriminals who're using the popularity of the game to advance their nefarious designs. Security researchers have already warned against at least one such infected version of the game, where the APK file was modified to include a malicious piece of software called DroidJack (also known as SandroRAT). It happens to be a remote access tool (RAT) that researchers believe can "virtually give an attacker full control over a victim's phone". Thankfully, however, the DroidJack-infected version of Pokémon Go hasn't yet been spotted in the wild, but with so many APK download sites starting to host the popular app, it wouldn't be a surprise if some other malware-ridden versions find their way on to the mobiles of unsuspecting gamers soon.

Users can safeguard themselves by downloading the app only from the official Google Play Store, but even then, you'll need to make sure the developer happens to be 'Niantic'. The listing page for the app on Google Play should also have the 'Top Developer' badge, making your job a lot easier. Those willing to side-load the app (in regions where it isn't officially available on Google Play) need to make sure that they do so strictly from legitimate sites that do not host pirated or patched APKs. Many of these sites also display the virus-check results next to every listing. While that will still not rule out all chances of getting saddled with some pesky malware, it should significantly reduce chances of that happening. Users willing to download the officialPokémon Go app from Niantic can do so from the following link.

Google Play Button - AH - New

Advertisement