‘DroidJack’ Malware On ‘Pokémon Go’ For Android Could Be Acquired Through Unofficial Installation Methods

2016-07-06

The world appears to currently be divided into two groups, those playing Pokémon Go and those not indulging in the recently released augmented reality mobile game by Nintendo. The game is currently available in the U.S., Australia and New Zealand only, leaving many prospective Pokémon masters anxious to get the game by any means necessary. However, security firm Proofpoint claims this may not be the best idea.

Last week, iDigitalTimes recommended against users unofficially installing Pokémon Go on Android devices by sideloading the APK (Android application package), due to the risk of downloading malware. According to Proofpoint, the threat has emerged in the form of malware called “DroidJack,” a remote access tool (RAT) that would allow a malicious user to gain full control of an infected smartphone.

The main threat from sideloading applications onto a smartphone is that users must relax certain security settings to install the unofficial software. In particular, users must enable the “unknown sources” option, allowing the device to accept and install third-party software. With this option selected, users may unintentionally install compromised software onto their devices with the Pokémon Go APK.

So far, the security firm claims it has seen no public attacks through DroidJack. However, the code was discovered within a malicious file repository on July 7, shortly after Pokémon Go was released in New Zealand and Australia.

How will I know if my Android smartphone is infected with DroidJack?

There are currently two ways to detect the DroidJack malware. Users can review the app's permissions by going to Settings -> Apps -> Pokémon GO and checking under Permissions whether the application has permissions that shouldn’t have been granted. Proofpoint notes that permissions such as “Google Play billing service” and “receive data from Internet” likely shouldn’t be granted for the official app; however, they may be present on a DroidJack-infected device.

A more advanced method requires users to compare the SHA256 hash of the unofficial APK to that of the official Pokémon Go APK.
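The hash comparison described above, as an added example that is not from Proofpoint or the original article: it hashes an APK file and checks the result against a list of trusted SHA256 values. The function names are hypothetical, and `OFFICIAL_SHA256` holds a placeholder because the page does not give the official APK's hash.

```python
import hashlib
import re
import sys

# Placeholder only: the article does not publish the official APK's hash.
# Replace it with a value obtained from a source you trust.
OFFICIAL_SHA256 = ["<sha256-of-official-pokemon-go-apk>"]

_HEX64 = re.compile(r"[0-9a-f]{64}")


def normalize_digest(text):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; return lowercase hex or None."""
    cleaned = re.sub(r"[\s:]", "", text).lower()
    return cleaned if _HEX64.fullmatch(cleaned) else None


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large APK is never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_apk(path, trusted_digests):
    """Return (verdict, computed_hash).

    verdict is 'match', 'mismatch', or 'no-reference' when none of the
    supplied reference values is a well-formed SHA256 digest.
    """
    references = {d for d in map(normalize_digest, trusted_digests) if d}
    computed = sha256_file(path)
    if not references:
        return "no-reference", computed
    return ("match" if computed in references else "mismatch"), computed


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_apk.py <file.apk>")
    verdict, computed = check_apk(sys.argv[1], OFFICIAL_SHA256)
    print(f"{computed}  {verdict}")
    sys.exit(0 if verdict == "match" else 1)
```

A match only shows that the file is byte-identical to the reference, so the reference hash has to come from a source you trust.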

What do I do if my Android smartphone is infected with DroidJack?

At this point there does not appear to be a fix for the malware. Proofpoint claims the infected APK has not been spotted in the wild.

What you can do to protect your Android smartphone

Users who live outside of the three countries where Pokémon Go is currently available are most susceptible to having their devices infected. At this time, it is still recommended that users not sideload any third-party, unofficial Pokémon Go applications before the game officially releases in their country.
