Malicious Pokémon Go app is putting Android phones at risk
Pokémon Go hasn't officially been released in Mauritius but around the world trainers are finding themselves getting into trouble. A malicious version of the app, installing backdoors through its code, has been leaving Android users vulnerable to security issues.
The Nintendo mobile game, developed by Niantic, lets players catch Pokémon in augmented reality as they explore real-world environments. As a person is walking down the street the creatures will appear and can be 'caught'. Players can also add to the free game with in-play downloads ranging from $0.99 to $79.99.
It is so popular, in fact, the app shot to the top of the US App Store at the weekend, was more popular than Tinder and is on par with Twitter in terms of daily active users.
Detailed in a blog post by security company Proof Point, an Android application file (APK) has been modified so that it can "virtually give an attacker full control over a victim's phone".
The software, according to the Silicon Valley-based company, has been altered to include a "malicious remote access tool" called DroidJack.
Pokémon Go was initially released in apps stores in Australia and New Zealand on July 4 and was followed by a US release two days later. A demand in popularity for the game created "server issues" and developers have reportedly paused the rollout to fix the issues.
Thank you for your patience. We have been working to fix the server issues. We will continue rolling out #PokemonGO to new countries soon.— Pokémon GO (@PokemonGoApp) July 8, 2016
Due to the game's popularity and the open source nature of Android, the files for the game were available to download onto any phone running the required Android 4.4 operating system. To install the malicious version of the game, users are required to "side-load" the application, which effectively disables security settings that prevent loading apps that haven't been officially verified.
"Unfortunately, this is an extremely risky practice and can easily lead users to installing malicious apps on their own mobile devices," the security company said in its blog post. "Should an individual download an APK from a third party that has been infected with a backdoor, such as the one we discovered, their device would then be compromised."
It also says those who are worried about installing the malicious version of the app should check their app settings and the permissions that have been granted to it.
Aside from software, Go has also been causing problems in the physical world. In Missouri, US, organised criminals have been taking advantage of those playing the game.
In a statement, officials from the O'Fallon Polce Department said armed robbers have targeted people using the game.
"The way we believe it was used is you can add a beacon to a pokestop [sic] to lure more players," the force said. "Apparently they were using the app to locate ppl [sic] standing around in the middle of a parking lot or whatever other location they were in."
UPDATE INFORMATION BELOW-This morning at approximately 2 am we responded to the report of an Armed Robbery near the...Posted by O'Fallon Missouri Police Department on Sunday, July 10, 2016