Slashdot Mirror

← Back to Stories (view on slashdot.org)

Infected Pokemon GO APK Carries Dangerous Android Backdoor

Posted by msmash on from the take-precaution dept.

An anonymous reader writes: Users eager to get their hands on the new Nintendo mobile gaming app Pokemon GO, downloading unofficial copies of the game are opening themselves up to hackers who are circulating malicious versions of the Android APK. A remote access tool (RAT), known as DroidJack (or SandroRAT), has been added to some APK files, allowing third parties to gain full control over the users' mobile devices. Permissions granted to the dodgy app include; directly calling phone numbers, reading phone status' and identities, editing and reading text messages, sending SMS messages and recording audio.The problem is that Pokemon Go is not officially available in every region, and the Google PlayStore doesn't let people in an unsupported region download the app. Also, millions of smartphones and tablets don't support many Google Mobile Services (GMS). While we do not condone downloading installation files of Android apps and games from unofficial stores, APKMirror is one of the few places that we would suggest our readers to check as it has a very commendable track record.

17 of 110 comments (clear)

  1. Re:GOOD by Opportunist · · Score: 2

    Lemmings was on the Amiga, you couldn't carry that with you!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Gotta catch'em all by rodrigoandrade · · Score: 2

    Can't wait to see kids running around the slums, whore houses, drug dens, and all kinds of shitholes looking for stupid pokemons.

    Kids + geocahing: what could possibly go wrong?

    1. Re:Gotta catch'em all by lgw · · Score: 2

      Can't wait to see kids running around the slums, whore houses, drug dens, and all kinds of shitholes looking for stupid pokemons.

      I've been amused by considering the special Pokemon you can only catch in the sewers, or on the grounds of a nuclear power station, or on a military base, or in a burning building, or on a construction site. But sure, crack houses are fun too.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  3. Re:Shocker! by lgw · · Score: 2

    The news is "The problem is that Pokemon Go is not officially available in every region". Shocking that AAA game companies still don't get the single most important fact about selling games. Seriously, WTF?

    --
    Socialism: a lie told by totalitarians and believed by fools.
  4. We already know by Anonymous Coward · · Score: 4, Funny

    That apk and his infected host file is dangerous

  5. Re:Shocker! by Gojira+Shipi-Taro · · Score: 3, Informative

    They're doing a phased rollout because the servers are frequently overwhelmed even with the few regions they're available in.

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked."; ~ Donald J. Trump
  6. Re:Shocker! by tripleevenfall · · Score: 4, Funny

    My first capture as MaliciousAPK, which I evolved into BotnetDevice and IdentityTheft! It's -10 defense, but gives me 16 additional WalledGardenTaunt per turn when facing an iOS opponent!

  7. Re:GOOD by __aaclcg7560 · · Score: 4, Funny

    lemmings was on everything.

    Until they fell off and died a horrible death.

  8. And on iOS, you compromise your Google account by _xeno_ · · Score: 2, Interesting

    Also worth mentioning that if you log in to the game via your Google Account under iOS, Niantic gets "full access" to your Google account.

    Meaning that they can do things like:

    1. Read your email.
    2. Send email as you.
    3. View photos you've uploaded.
    4. View your Google+ Profile (OK, no one cares about this).
    5. Delete documents from your Google Drive.

    In fact, Google lists only three things it can't do: Change your password, delete your account, or authorize payments via Google Wallet. And that's it.

    This doesn't apply under Android for some reason, it's limited solely to iOS.

    --
    You are in a maze of twisty little relative jumps, all alike.
    1. Re: And on iOS, you compromise your Google account by literaldeluxe · · Score: 2

      Niantic, the creators, are an Alphabet company. They already have your info.

      They *were* an Alphabet company. They were spun off in 2015.

    2. Re: And on iOS, you compromise your Google account by _xeno_ · · Score: 2

      No, they aren't, they're entirely independent of Google and have been for the past year. They aren't part of Alphabet. They have no reason to have "complete access" to your Google account, and clearly don't need it because they don't get it if you log in via Android.

      --
      You are in a maze of twisty little relative jumps, all alike.
  9. SandroRAT? by Yvan256 · · Score: 2

    SandroRAT does sound like a Pokémon name. Seems legit.

  10. Re:Ugh, the "regions" thing again by Anonymous Coward · · Score: 2, Informative

    Server load.

    Seriously: http://uk.businessinsider.com/pokemon-go-international-rollout-paused-2016-7 Pokemon Go has been vastly more successful than they had prepared for. Server crashes have been pretty frequent, even with the 'limited' release.

  11. Re:Shocker! by __aaclcg7560 · · Score: 2

    The main difference is Android lets you go to a menu to disable the security checks while iOS requires a jailbreak.

    I stand corrected. Stupidity is optional but not mandatory on Android. ;)

  12. I'm in Canada and using an APK file by iONiUM · · Score: 4, Interesting

    I downloaded the APK from apkmirror which I trust: http://www.apkmirror.com/apk/n....

    Furthermore, I'm running Android Marshmallow and it allows you to grant or deny specific privileges to each app. This app asked for 4 permissions: contact list, camera, location and storage. This is how you know it's "authentic".

    If it's asking for more than that (i.e. microphone), you've got a malware ridden copy.

  13. Actual news for nerds by watermark · · Score: 2

    I'm not sure it gets any more "news for nerds" than this

  14. ACHIEVEMENT UNLOCKED! by Thud457 · · Score: 2

    I heard if you go into the alley on 34th street at 11PM, you can find a wild MISSINGNO who will kill you and rob you of your smartphone.

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff