In order to download the APK, users are required to “side-load” the malicious app by modifying their Android core security settings, allowing their device’s OS to install apps from “untrusted sources.”
Pokémon Go is Installing DroidJack Malware
Security researchers have warned users that many of these online tutorials are linked to malicious versions of the Pokémon Go app that install a backdoor on Android phones, enabling hackers to compromise a user’s device completely.
Security firm Proofpoint has discovered the malicious app, or APK, that has been infected withDroidJack – a Remote Access Tool (RAT) that can hack any Android device by opening a silent backdoor for hackers.
“This is an extremely risky practice and can easily lead users to install malicious apps on their own mobile devices,” researchers at Proofpoint wrote in a blog post. “Should an individual download an APK [Android application package] from a third-party that has been infected with a backdoor, like the one we discovered, their device would then be compromised.”
Here’s How to Prevent Yourself
First of All, Do check the Permission status of all the Third party Apps, If it’s infected, it will always seek system administrative permissions, This is one of the most effective way to differentiate between the legitimate and corrupted App.
Hot to check Permission Status, Simply Go to the Settings → Apps → Pokemon GO and check the game’s permissions.
If you find that the game has asked for permissions like directly call phone numbers, edit and read SMS, record audio, read Web history, modify and read your contacts, read and write call logs, and change network connectivity, then you should uninstall the game right away, since it is infected with DroidJack.
You can also compare the game’s SHA-1 hash – a long string of characters used to verify if a file was infected with or modified by a malicious third-party – to make sure the game matches the hash of the legitimate version.
Instead of downloading available applications from unknown third party source, wait for the Official Pokémon Go app to launch in your country. However, downloading apps from third parties do not always end up with malware or viruses, but it is for sure a risky affair.The best way to wait for the official App to be downloaded from Google Play Store.