[PSA] Sideloaders beware: There’s a modified Pokemon Go APK and it’s malware

  • Jul 13, 2016


There is so much going on with Pokemon Go right now. Servers are down, memes are everywhere, and the game has risen straight to the top of both the iOS App Store and Android’s Play Store, all within less than 48 hours of launching in the US.

Here is a warning for Android users (iOS users can sit this one out) who do not yet have access to download the new mobile game by official means via the Play Store. There is a modified APK of the game floating around the internet which is meant to gain unauthorized access to your phone.

Sideloading any application is always a risk, and your phone can be compromised by APKs installed from unknown sources. Proofpoint has identified the infected APK as containing DroidJack (also known as SandroRAT), which basically gives hackers full remote control over your device.

Luckily, there’s an easy way of seeing whether or not you have the legitimate version when installing it. Upon first launching the game, you are asked to grant the game its permissions.

These permissions should only be the following:

  • Record audio
  • Directly call phone numbers
  • Modify your contacts
  • Edit, send, receive, and read SMS/MMS
  • Location

In addition to the permissions listed above, the maliciously modified version of the game asks the user for more:

  • Read web bookmarks and history
  • Connect and disconnect Wi-Fi
  • Run at startup

If you have already installed the game, you can check the app’s granted permissions by going into the app’s information screen and checking the permissions there. Check out the source link for more technical information about the infected APK.
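The same comparison can be made before installing, against the output of `aapt dump permissions <file.apk>`. This is an added example, not code from the article or from Proofpoint; the Android permission names it maps the three extra prompts to, and the sample dumps, are assumptions constructed for illustration.

```python
import re

# Android permission names assumed to match the three extra prompts listed
# above; the mapping is this example's assumption, not taken from the article.
EXTRA_INDICATORS = {
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "Read web bookmarks and history",
    "android.permission.CHANGE_WIFI_STATE": "Connect and disconnect Wi-Fi",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Run at startup",
}

# Accepts both aapt styles: "uses-permission: X" and "uses-permission: name='X'".
PERM_LINE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)")

def requested_permissions(aapt_output):
    """Return the set of permission names requested in an aapt permissions dump."""
    found = set()
    for line in aapt_output.splitlines():
        match = PERM_LINE.match(line)
        if match:
            found.add(match.group(1))
    return found

def extra_permission_hits(aapt_output):
    """Return the article's labels for any of the three extra permissions present."""
    requested = requested_permissions(aapt_output)
    return sorted(label for name, label in EXTRA_INDICATORS.items() if name in requested)

# Constructed sample dumps (not output from any real APK).
CLEAN_DUMP = """package: com.example.game
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECORD_AUDIO'
"""
SUSPECT_DUMP = """package: com.example.game
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: android.permission.RECEIVE_BOOT_COMPLETED
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
uses-permission: name='com.android.browser.permission.READ_HISTORY_BOOKMARKS'
"""

if __name__ == "__main__":
    for label, dump in (("clean", CLEAN_DUMP), ("suspect", SUSPECT_DUMP)):
        hits = extra_permission_hits(dump)
        print(label, "->", hits if hits else "none of the three extra permissions")
```

A hit is a reason not to install rather than proof of infection, and a clean result does not prove the APK is genuine, since a repackaged app can request any permission set.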

If you do sideload the APK, be careful where you get it from, and stay safe and pay attention when playing the game.

Source | Via