
Report uncovers malicious remote access tool in modified Pokémon Go APK

Researchers have uncovered a malware-infected .apk version of Pokémon Go for Android that could potentially infect the phones of those side-loading the game outside of the Google Play Store. Thankfully, the exploited file has not appeared on the internet yet, according to the security firm behind the study, Proofpoint.

“It was uploaded to a malicious file repository service at 09:19:27 UTC on July 7th, 2016, less than 72 hours after the game was officially released in New Zealand and Australia,” says Proofpoint in a statement.


The report states that a particular Pokémon Go .apk has been modified with the DroidJack malicious remote access tool (RAT), also known as SandroRAT. While the malicious software does many unwanted things behind the scenes, it essentially allows a hacker to gain access to the smartphone without the user’s knowledge, says Proofpoint.

“In this case, Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokémon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone,” reads the report.

To the player in the infected version of Pokémon Go, the experience is identical to the normal version of the game, but malicious software is covertly running behind the scenes.


Proofpoint also highlights ways to tell if this particular version has been installed on your device. For example, in the app’s list of permissions (which can be accessed by navigating to Settings, Apps, and then locating Pokémon Go), you’ll see some that aren’t typical of most mobile games.
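The same permission check can be scripted over the output of `adb shell dumpsys package <pkg>`. The following is an added example, not code from Proofpoint or this article; it goes one step beyond the manual Settings check by diffing against a copy you trust. The watch-list, the package name `com.example.game` and the sample output are constructed assumptions.

```python
import re

# Assumed watch-list (not from the article): real Android permissions that a
# location-based game has little reason to request.
SENSITIVE = {"android.permission." + p for p in (
    "READ_SMS", "SEND_SMS", "RECEIVE_SMS", "READ_CALL_LOG",
    "CALL_PHONE", "RECORD_AUDIO", "RECEIVE_BOOT_COMPLETED")}

PERM_LINE = re.compile(r"^\s+([A-Za-z0-9_.]+\.[A-Za-z0-9_]+)(?::.*)?$")

def requested_permissions(dumpsys_text):
    """Names listed under 'requested permissions:' in the output of
    `adb shell dumpsys package <pkg>`."""
    perms, in_section = set(), False
    for line in dumpsys_text.splitlines():
        if line.strip() == "requested permissions:":
            in_section = True
        elif in_section:
            m = PERM_LINE.match(line)
            if not m:          # next section header ends the list
                break
            perms.add(m.group(1))
    return perms

def atypical_permissions(installed_dump, baseline_dump):
    """Permissions requested beyond a trusted baseline copy, each mapped to
    whether it is on the SENSITIVE watch-list."""
    baseline = requested_permissions(baseline_dump)
    extra = requested_permissions(installed_dump) - baseline
    return {p: p in SENSITIVE for p in sorted(extra)}

# Constructed sample output (hypothetical package name, not a real capture).
BASELINE = """\
  Package [com.example.game] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
"""
SUSPECT = BASELINE.replace("    install permissions:", """\
      android.permission.READ_SMS
      android.permission.RECORD_AUDIO
      android.permission.CHANGE_WIFI_STATE
    install permissions:""")

if __name__ == "__main__":
    for perm, sensitive in atypical_permissions(SUSPECT, BASELINE).items():
        print(("REVIEW  " if sensitive else "extra   ") + perm)
```

An empty result only means the requested permissions match the baseline; it does not by itself show that a package is unmodified.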

As stated at the beginning of this story, the report also notes that the .apk has not been found on the broader internet yet and is confined to a “malicious file repository service.” So if you’re like many Canadians and have already side-loaded the Android version of Pokémon Go’s .apk, you’re likely free of this malicious software.

While we can’t completely verify the .apk featured in our “here’s how to Pokémon Go for Android in Canada” story, the file is hosted by Android Police’s APK Mirror and has been given positive reviews by thousands of downloaders.


Source: Proofpoint. Via: Android Central.
