The new smash-hit game "Pokemon Go" could become bait for hackers wanting to take over your phone.
Researchers at security firm Proofpoint have already found an Android version of the game containing malware. Once installed, it uses a remote access tool called DroidJack that can give a hacker full access to the phone
Pokemon Go is the first Pokemon game sanctioned by Nintendo for iOS and Android devices. It was launched earlier this week, but so far it's only officially available in the U.S., New Zealand and Australia, through the App Store and Google Play.
That means people in other countries who are keen to get their hands on it might resort to side-loading the game from third-party app stores -- opening the door to a potentially infected version.
It said that the infected version uses the same startup screen as the original, making it harder to tell apart.
Luckily, there’s an easy way of seeing whether or not you have the legitimate version when installing it. Upon first launching the game, you are asked to allow permissions of the game.
These permissions should only be the following:
Directly call phone numbers
Modify your contacts
Edit, send, receive, and read SMS/MMS
Besides the other permissions mentioned above, the maliciously modified version of the game will ask for more permissions from the user:
Read web bookmarks and history
Connect and disconnect Wi-Fi
Run at startup
If you had already installed the game, you can check the app’s granted permissions by going into the App’s information and checking the permissions there. Check out the source-link for more technical information about the infected APK.
Be careful where you sideload the APK from if you do, and stay safe/pay attention when playing the game.
Rate this article: