Wednesday, July 13, 2016

Pokemon Go APK Could Hijack Your Phone: How to Check If It's Genuine

Until Pokemon Go makes it way to countries outside of Australia, New Zealand, and the US, a vast majority of eager fans have little choice but to resort to obtaining the game through unofficial means, which means downloading the APK file. It's something we've outlined in this handy guide for Android users.

In the event you've obtained Pokemon Go through other sites, there's a chance it might not be the right APK. According to security software company Proofpoint, a malicious version of the game has been uploaded to various APK download sites.

"This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim's phone. The DroidJack RAT has been described in the past, including by Symantec and Kaspersky. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia," the firm said.

This means that there's chance that the Pokemon Go APK you downloaded is a fake, and could give anonymous individuals complete access to your phone. Here's how you can tell if the Pokemon Go APK you've downloaded is RAT-free.

Method 1:

The Secure Hash Algorithm or SHA is a string of characters unique to specific data. It's a way to check if a file has been altered or not by acting like a signature for a text or data file.

  • To calculate the SHA-256 hash of your Pokemon Go APK this is what you need to do:
  • Obtain Hash Droid from the Play Store.
  • Select Hash A File.
  • Under Select a hash function, choose SHA-256.
  • Choose the Pokemon Go APK from your Download folder.
  • Hit Calculate.
  • If safe you should get: 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67



At the time of posting this, no updated versions of Pokemon Go have been released so it is safe to assume any other SHA-256 hash belongs to a malicious APK.

As per Proofpoint, the SHA-256 of one of the malicious APKs is 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4

Method 2:

  • On your Android device go to Settings -> Apps -> Pokemon Go
  • View the Permissions section.
  • Here's what it should be asking permission for:

And here's what one of the malicious Pokemon Go APK asks for:


As you can see, it would ask for access to your call logs, record audio, check your browsing history, and even send messages and make calls on your behalf. Scary.

Hopefully Niantic and The Pokemon Company rectify this by making Pokemon Go available to all regions soon. Till then though I'd advise caution prior to downloading.
Do Subscribe on YouTube!
Follow Me on Twitter>>> @iamBhavish
And like us on Facebook>>> The Gud1

No comments:

Post a Comment