The game's limited release schedule is also at fault

Jul 8, 2016 18:00 GMT  ·  By

In a rush to get the recently released Pokemon GO Android app, some users are disregarding basic security tips and installing the app from unofficial and potentially dangerous sources.

Pokemon GO is the first Pokemon game recognized by Nintendo for iOS and Android devices. Unfortunately, Nintendo didn't release the game in all countries at once but opted for a limited release schedule.

On July 4, Nintendo launched the game for Australia and New Zealand, and on July 6, the app debuted for US users, with other countries to follow soon.

Three days later, malware-laced Pokemon GO versions appeared online

Security firm Proofpoint reports that, on July 7, three days after the game's official release, they discovered versions of the game distributed via unofficial channels that contained the DroidJack malware, a remote access trojan (RAT) that grants attackers control over an Android device.

There's reason for concern due to the huge interest surrounding this game. Several mobile and gaming news sites published tutorials showing users how to download and install the game even before it was available in their countries.

All these tutorials told users to download the APK from a URL outside Google Play and to weaken a core Android security setting by allowing the OS to install apps from "untrusted sources."

It is believed that many of these tutorials were linked to malicious versions of the Pokemon GO app package that contained the DroidJack malware.

There's a way to detect if you've been infected

First and foremost, users should never side-load Android apps, that is, install apps from sources other than Google Play. Secondly, those who followed such tutorials should reverse the aforementioned option (Settings -> Security -> Unknown Sources) to avoid installing non-sanctioned apps in the future.

If you're one of the people who had their interest piqued by the Pokemon GO game and went on to install it on your phone using one of those tutorials, you can easily check whether you've installed a clean or a malicious version of the app.

While there's a way to check the game's APK against the correct SHA256 hash, the easiest way is to check what permissions the game requested at installation time.

Just navigate to Settings -> Apps -> Pokemon GO and check the game's permissions. If you find that the game has asked for the permissions marked in red in the screenshot below, you should uninstall the game right away, since it's infected with the DroidJack malware.

The original game does not need permissions to initiate phone calls, read SMS messages, record audio, modify address book contacts, read Web history, or change Wi-Fi connection settings. These permissions are a tell-tale sign of the presence of malware inside an application since very few legitimate apps require these permissions all at once.
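The two checks described above, comparing the APK's SHA256 hash against a published value and reviewing the requested permissions for the red-flag set, as an added Python example that is not from the article or from Proofpoint. It assumes the permission list comes from the output of `aapt dump permissions <apk>` (the sample dumps below are constructed, the package name is a placeholder, and the reference hash must come from an official source).

```python
from __future__ import annotations

import hashlib
import re

# Permissions the article names as unnecessary for the legitimate game; their
# appearance together is the tell-tale sign of the DroidJack-laced build.
SUSPICIOUS_PERMISSIONS = {
    "android.permission.CALL_PHONE": "initiate phone calls",
    "android.permission.READ_SMS": "read SMS messages",
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.WRITE_CONTACTS": "modify address book contacts",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "read Web history",
    "android.permission.CHANGE_WIFI_STATE": "change Wi-Fi connection settings",
}

# Matches both output styles of `aapt dump permissions`:
#   uses-permission: name='android.permission.INTERNET'
#   uses-permission: android.permission.INTERNET
_PERM_RE = re.compile(r"uses-permission:\s*(?:name=')?([A-Za-z0-9_.]+)'?")


def parse_aapt_permissions(dump: str) -> set[str]:
    """Return the set of permission names declared in an aapt permissions dump."""
    return set(_PERM_RE.findall(dump))


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the APK bytes, for comparison against a published known-good hash."""
    return hashlib.sha256(data).hexdigest()


def suspicious_permissions(permissions: set[str]) -> list[str]:
    """Describe which of the red-flag permissions the app requested."""
    return sorted(SUSPICIOUS_PERMISSIONS[p] for p in permissions if p in SUSPICIOUS_PERMISSIONS)


def assess_apk(dump: str, apk_bytes: bytes | None = None,
               expected_sha256: str | None = None) -> dict:
    """Combine the article's two checks: hash match and permission review.

    hash_ok is None when no reference hash was supplied; any red-flag
    permission or a hash mismatch yields the recommendation "uninstall".
    """
    flags = suspicious_permissions(parse_aapt_permissions(dump))
    hash_ok = None
    if apk_bytes is not None and expected_sha256 is not None:
        hash_ok = sha256_hex(apk_bytes) == expected_sha256.lower()
    if hash_ok is False or flags:
        recommendation = "uninstall"
    elif hash_ok is True:
        recommendation = "matches reference build"
    else:
        recommendation = "no red-flag permissions; verify hash against an official source"
    return {"suspicious": flags, "hash_ok": hash_ok, "recommendation": recommendation}


# Constructed sample dumps (placeholder package name, not real aapt output).
CLEAN_DUMP = """package: com.example.pokemongo
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.VIBRATE'
"""

INFECTED_DUMP = CLEAN_DUMP + """uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.WRITE_CONTACTS'
uses-permission: name='com.android.browser.permission.READ_HISTORY_BOOKMARKS'
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
"""

if __name__ == "__main__":
    for label, dump in (("clean", CLEAN_DUMP), ("infected", INFECTED_DUMP)):
        result = assess_apk(dump)
        print(f"{label}: {result['recommendation']}")
        for desc in result["suspicious"]:
            print(f"  - requests permission to {desc}")
```

On a real device, the dump would be produced by pulling the installed APK with `adb pull` and running `aapt dump permissions` on it; the permission review is deliberately a set check rather than a single-permission match, because, as the article notes, it is the combination of these permissions that is out of place for a game.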

Permissions requested by an infected version of the game

Photo Gallery (2 images): Clones of Pokemon GO for Android used to spread malware; Permissions requested by an infected version of the game