Slashdot Mirror


Over 500K People Have Installed a Pokemon Go-Related App That Roots and Hijacks Android Devices (softpedia.com)

An anonymous reader writes: Over 500,000 people have downloaded an Android app called "Guide for Pokemon Go" that roots the devices in order to deliver ads and install apps without the user's knowledge. Researchers who analyzed the malware said it contained multiple defenses that made reverse-engineering very difficult -- some of the most advanced they've seen -- which explains why it managed to fool Google's security scanner and end up on the official Play Store. The exploits contained in the app's rooting functions were able to root any Android released between 2012 and 2015. The trojan found inside the app was also found in nine other apps, affecting another 100,000 users. The crook behind this trojan was obviously riding various popularity waves, packing his malware in clones for whatever app or game is popular at one particular point in time.

57 comments

  1. Installed? by AmiMoJo · · Score: 4, Insightful

    Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

    So 500k downloads could equal zero installs.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:Installed? by macs4all · · Score: 1

      Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

      So 500k downloads could equal zero installs.

      But you know it doesn't.

    2. Re:Installed? by Anonymous Coward · · Score: 3, Informative

      Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

      So 500k downloads could equal zero installs.

      That's in the paragraph below the one quoted by TFA:

      The app, named Guide for Pokémon Go, made its way onto the official Google Play Store, from where over 500,000 users downloaded and installed it on their smartphones.

      Kaspersky says that telemetry data received from its security products found that at least 6,000 users had their phones rooted and under the malware author's control.

      If it roots on activation it's odd to say that there have been 500K installs but only around 6K roots. 500K downloads and attempted-installs maybe.

    3. Re:Installed? by Anonymous Coward · · Score: 0

      They obviously used phones that the rooting packages didn't support. I think the editor's intention was to put the highlight on the rooting function's presence inside the app, not necessarily its success. It's still a crime if you attempt to kill 500k people, even if you kill only 6K. That kind of thinking.

    4. Re:Installed? by geogob · · Score: 2

      Not every Android phone with the installed app / root kit may have some Kaspersky security product delivering telemetry. This makes those numbers a bit difficult to interpret.

      I do not believe that both numbers (the 500k and the 6000) can be related and compared. In the end you can only conclude what is written in the text: at least 6000 phones are compromised, with the implicit knowledge that this number may be much higher, possibly in the 500k range.

      An interesting piece of information would be to know how many devices overall are monitored by Kaspersky (from which the 6000 infected devices have been identified) and how many of those attempted to install the said app. A further interesting piece of information would be the overall count of active individual devices on the Google Play Store in the time period where the app was available. This information would allow interesting cross-comparison and possibly help to understand user behaviour in the face of a product identified as potentially harmful.

      The information from Kaspersky may also be further biased by the fact that someone with such security products on their phone may have a different level of awareness for such risks than someone who doesn't.

    5. Re:Installed? by Anonymous Coward · · Score: 0

      Installed or downloaded? Android scans apps, even side loaded ones, during installation for malware. This app has been on the banned list for ages.

      So 500k downloads could equal zero installs.

      But you know it doesn't.

      Sure, but there's little to worry about. From the summary:

      The crook behind this trojan was obviously riding various popularity waves, packing his malware in clones for whatever app or game is popular at one particular point in time.

      So if you don't follow crowds, don't care about trends, and don't jump on stupid bandwagons then you're not in the target audience. Terrorist attacks work this way too - if you really hate crowds you don't have a whole lot to worry about. Not that anyone in the US ever had much to worry about there (except from their own government - capable of doing far more harm and more lasting harm than any terrorist) but that's another discussion.

    6. Re:Installed? by NatasRevol · · Score: 1

      So, if you like using your Android for fun stuff, like most people do, you're fucked?

      --
      There are two types of people in the world: Those who crave closure
    7. Re:Installed? by AmiMoJo · · Score: 2

      500k seems to be the number of downloads, so I'd imagine that between people who don't have side-loading enabled, who see the warnings during installation and change their minds, who have AV that blocks it, that got the Play update that blocks it or who have incompatible devices (there is no universal root exploit for Android, they are all kernel/bootloader specific) the number of infected devices is probably quite low.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:Installed? by Anonymous Coward · · Score: 0

      "Most people" don't have an Android. Your attitude suggests that you are exactly the sort of crowd-following, trend-obsessing, bandwagon-jumper that the AC was referring to.

    9. Re:Installed? by NatasRevol · · Score: 1

      Given that Android has about 80% global market share, you're full of shit.

      http://www.statista.com/statis...

      Because god forbid all those people use their phones for fun. Are you a fun-shamer? Or just an asshole?

      --
      There are two types of people in the world: Those who crave closure
    10. Re: Installed? by Anonymous Coward · · Score: 0

      depends on source, firmware etc.

      and play store might just have bypassed the scans and supposedly it was camouflaged?

      never mind that you can just fetch the executable code post install. android isn't j2me you know.

    11. Re:Installed? by Anonymous Coward · · Score: 0

      Neither installed nor downloaded, because only LUDDITES install and download! Since this is an appy app app, it was APPED onto the app apping device!

      Apps!

  2. And by Anonymous Coward · · Score: 0

    That makes me laugh.

  3. How did this get out, dammit! by Opportunist · · Score: 2

    Oh, you're not talking about the "genuine" variant?

    Oh. Never mind, carry on...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  4. Samsung Knox by Anonymous Coward · · Score: 0

    I'd like to see them get past Knox and root my S5.

    1. Re:Samsung Knox by Anonymous Coward · · Score: 0

      They already have, you just think that those weird ads and supplementary charges showing up on your provider's bill are normal...

  5. Gotta catchem all. by Anonymous Coward · · Score: 2, Funny

    Looks like they caught a "peekatyou".

    1. Re:Gotta catchem all. by asylumx · · Score: 1

      The day after the game came out, a coworker said to me "I caught a pikachu coming out of the shower" which was immediately alarming for a moment until I got the context sorted out in my head.

    2. Re: Gotta catchem all. by hackwrench · · Score: 1

      The day will come when they shed their Pokémon skins and are revealed to the world to be Cybermen.

  6. QUICK by Anonymous Coward · · Score: 0

    Blame everyone else for people being fucking retarded

  7. ROOT!? by Anonymous Coward · · Score: 1

    Does it root any Android device? Does anybody know how it works?
    Because I have been trying to root mine for ages...

    1. Re:ROOT!? by alexo · · Score: 1

      I admit that I am an Android noob, but when I searched about rooting my Nexus 5, I got the impression that doing so will factory reset my device, and I will lose some of my data unless I backed it up first. Except that even the best backup apps would not back up everything, unless the phone is already rooted...

  8. What to do? by Anonymous Coward · · Score: 0

    It'd be nice if the article told victims what to do if they've installed the app and been rooted.

    1. Re:What to do? by Anonymous Coward · · Score: 0

      It'd be nice if the article told victims what to do if they've installed the app and been rooted.

      That's easy: grab your ankles and kiss your ass goodbye!

  9. Malware by Oswald+McWeany · · Score: 4, Funny

    Malware, gotta catch 'em all.

    --
    "That's the way to do it" - Punch
  10. And in the BEGINNING God Created by Anonymous Coward · · Score: 0

    The stupid. Then told Darwin. The rest is history!

  11. Before it dies by Anonymous Coward · · Score: 0

    Better get infected now, before the game stops being popular. Come on guys

  12. Ultimate Root App by scratchy_king · · Score: 4, Insightful

    The trojan roots all Android devices released between 2012 and 2015?

    Without needing to unlock the bootloader, install custom recovery, etc.?

    Awesome! Where do I sign up!?

    1. Re:Ultimate Root App by fmoliveira · · Score: 1

      you don't need bootloader and recovery stuff just for rooting. that is for installing a custom rom

  13. So that many stupid Android users by Anonymous Coward · · Score: 0

    I'll admit I am no fan of Android in many respects; security of their app store is a primary issue for me. But users are clueless and risk takers when it comes to not being able to identify bogus apps. Too many rely on a Google scan or an Apple vetting process to weed out bad apps. I've read countless articles on how Android security apps are not needed. The concept, if 100% effective, would be correct, both for iOS and Android, if all apps were vetted properly and securely placed in the app store. This should not be a problem, but that's simply not the case.

    1. Re:So that many stupid Android users by Anonymous Coward · · Score: 0

      Android had a good start but Google walked the wrong path. As apps were asking for more and more unneeded permissions, Google responded with "that's OK, we're going to filter apps that *abuse* those permissions." That's how we ended up with every app asking every permission and oops, it turns out that the filter doesn't work.

    2. Re: So that many stupid Android users by Anonymous Coward · · Score: 0

      android's perm. and package system is pretty well put on paper.

      but the implementation is shit. why? because google apps.

      why doesn't the user have default possibility for root for user in apps area? because google apps.

      put in manufacturer apps with special perms and you really have to ask why they put in selinux. the user should have at least a real fw...
      even if you try, trying to figure out if a phone has extra data flowing out from it or unwanted network activity, it's basically hopeless. so much crap.

      also, ipv6 is here and alive. it's only used for tracking and malware though. why? less likely to be firewalled.

  14. Kid problems by Anonymous Coward · · Score: 0

    Being a grownup, I'm not really too worried about this.

  15. So are they no longer able to play? by wardrich86 · · Score: 1

    For who knows why, Niantic's latest update to PoGo bars all rooted users from playing. Would this app cause all of those players to no longer access the game?

    1. Re:So are they no longer able to play? by Anonymous Coward · · Score: 0

      "For who knows why,"

      Cheaters, obviously.

    2. Re:So are they no longer able to play? by Opportunist · · Score: 1

      Since cheating in Pokemon pretty much means faking your GPS position, I'd say that they do have a vested interest in having no cheaters in the game, yes...

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:So are they no longer able to play? by Anonymous Coward · · Score: 0

      It's trivially easy to spoof your GPS without root, if you know what you are doing.

  16. Deliver ads without user's knowledge? by Anonymous Coward · · Score: 0

    Either this is the best type of ad or the worst type of ad.

  17. But I thought Android was secure by CastrTroy · · Score: 1

    This just goes to show what happens when you put an operating system in the hands of millions/billions of everyday users. It can be Windows, Linux, OSX, iOS, Android, it doesn't matter. People are idiots and they will install anything. I didn't really think it was possible to root a phone simply by installing an app. That definitely is a failing in the security. But there isn't really anything you can do to completely stop all attacks if people are going to install random software.

    --
    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    1. Re: But I thought Android was secure by Anonymous Coward · · Score: 0

      If that makes you feel better about yourself keep thinking that. It was in the app store. You're a fucking tool of a person, asshole.

    2. Re:But I thought Android was secure by Anonymous Coward · · Score: 0

      Heretic! POSIX compliant operating systems are immune to viruses, and have been since before the Morris Worm accidentally crippled the internet!

      [/sarcasm]

    3. Re:But I thought Android was secure by Maritz · · Score: 1

      People are idiots and they will install anything.

      Most people would say it's reasonable to install from the google play market, because it's curated/vetted. You on the other hand, think they're idiots. Can you talk us through what you would do, if you saw an app in the market that was interesting to you? Go through the code, maybe? Maybe nothing would ever be of interest to you, because you're not an idiot?

      The important thing is you declared your smartness to slashdot. I think that's all that matters in the end, no?

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
    4. Re: But I thought Android was secure by Anonymous Coward · · Score: 0

      if it takes installing an app you're lucky.

      the usual way is bad cert checking. or not checking at all. in the update fetch to the security system.

    5. Re:But I thought Android was secure by tlhIngan · · Score: 1

      This just goes to show what happens when you put an operating system in the hands of millions/billions of everyday users. It can be Windows, Linux, OSX, iOS, Android, it doesn't matter. People are idiots and they will install anything. I didn't really think it was possible to root a phone simply by installing an app. That definitely is a failing in the security. But there isn't really anything you can do to completely stop all attacks if people are going to install random software.

      That's why Apple generally vets all apps before they make it in the App Store. People ARE idiots, and thus Apple presents their App Store as a safe location to get apps. Malware is few and far between, and usually limited to data theft by using existing APIs - none actually try to jailbreak the phone.

      The only thing Apple has done is anger a few geeks in the process, but the millions of non-geek iPhone users can blindly install apps from the App Store just fine.

  18. It Really Pisses Me Off by Anonymous Coward · · Score: 2, Insightful

    It really pisses me off that these apps can supposedly root Android and install all sorts of apps, yet trying to get root on my Galaxy is a convoluted game of Twister requiring the setting of permissions, installing special PC software, installing special (sketchy as fuck) boot loaders, custom (sketchy as fuck) recovery environments, and more.

    And, rooting Amazon fire tablets is either impossible or it's utterly bricked in the attempt.

    How is it that these bullshit apps can so easily get root and install hidden apps behind the scenes in a seamless single step app install?

    1. Re:It Really Pisses Me Off by Anonymous Coward · · Score: 0

      Well, if you look at the success rate, you'll see it's pretty bad:

      "telemetry data received from its security products found that at least 6,000 users had their phones rooted and under the malware author's control."

      So 6,000 successful roots out of 500k devices. Maybe your Samsung would have been safe.

    2. Re: It Really Pisses Me Off by BlytheBowman · · Score: 1

      I just used the latest version of Kingroot when it seemed like I would not be able to root/jailbreak my 5th generation Kindle Fire. No PC needed.

    3. Re: It Really Pisses Me Off by BlytheBowman · · Score: 1

      (i'm using a rooted gen 5 Amazon Kindle Fire right now to post this)

    4. Re: It Really Pisses Me Off by Anonymous Coward · · Score: 0

      first gen fire at least is better with cyanogen. real simple to root.

    5. Re:It Really Pisses Me Off by tlhIngan · · Score: 1

      It really pisses me off that these apps can supposedly root Android and install all sorts of apps, yet trying to get root on my Galaxy is a convoluted game of Twister requiring the setting of permissions, installing special PC software, installing special (sketchy as fuck) boot loaders, custom (sketchy as fuck) recovery environments, and more.

      The problem is if you're trying to get root to do useful stuff, like a root shell and other things. Plus, you probably want it untethered.

      The apps just need root to install a daemon and have it run and simply run an exploit every time to re-root the phone. Doesn't matter that it has to re-do it every time.

      And they don't care about bootloaders - the custom bootloader is if you want to run custom ROMs. Here they're just using the stock image, and running one of many exploits used to get full access to the device. Your custom bootloaders, recoveries, etc, are all user things meant to make life easier for you. None of that need apply for malware.

  19. It can root my phone? by Anonymous Coward · · Score: 0

    If this app can really root my Samsung Galaxy Note 4 (AT&T) then I want it!

  20. Guide for Pokemon go by allo · · Score: 1

    There are literally hundreds of such apps, which probably most of the time just contain a few buttons with nice pokemon images and some sections of the FAQ ... and of course a lot of ads. This makes it really hard to find good apps, like pokevision (RIP) or Pokeradar or some useful pokedex, which has the weaknesses of the pokemon as they are in pokemon go.

    1. Re:Guide for Pokemon go by hankwang · · Score: 1

      I did once (July) install an app with that name, but there are many with the same name on the Play store. I uninstalled it the next day because it was crap. Screenshots look familiar, but I'm not sure.

      At least I don't see any suspicious files with setuid permissions, but then: /system/xbin/su is also mode rwx. I guess I'll reflash my ROM (CM13) this weekend, just to be sure...
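
hankwang's check for unexpected setuid files, carried through as an added example that is not code from the thread or from any project named in it: a POSIX shell function that reads an Android `ls -l`-style listing (a constructed sample here, not a capture from a real device) and reports the setuid/setgid regular files that are not on an owner-supplied allowlist, so a `su` the owner installed with a custom ROM can be excluded while a planted binary still shows up. The listing format (mode string first, absolute path last, no spaces in paths) and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not code from the thread or from Slashdot): report setuid/setgid
# regular files in an Android "ls -l"-style listing that are not on an allowlist.
# Assumed input: one file per line, mode string first, absolute path last, e.g.
#   -rwsr-xr-x 1 root root 67432 2016-08-01 12:00 /system/xbin/su
# (on a device: adb shell ls -l /system/bin /system/xbin; paths without spaces).

# Constructed sample listing, not captured from a real phone.
SAMPLE_LISTING='drwxr-xr-x 2 root root 4096 2016-08-01 12:00 /system/xbin
-rwxr-xr-x 1 root shell 123456 2016-08-01 12:00 /system/bin/sh
-rwsr-xr-x 1 root root 67432 2016-08-01 12:00 /system/xbin/su
-rwsr-sr-x 1 root root 9000 2016-09-10 03:14 /system/xbin/.hidden_daemon
-rwxr-xr-x 1 root root 2048 2016-08-01 12:00 /system/bin/ping
-rwxr-Sr-x 1 root root 4096 2016-09-10 03:14 /system/bin/.sysupd
lrwxrwxrwx 1 root root 7 2016-08-01 12:00 /system/bin/toolbox -> toybox'

# Colon-separated paths the owner installed on purpose (hypothetical: their own su).
ALLOWLIST='/system/xbin/su'

# unexpected_setuid ALLOWLIST  <  listing
# Prints, in input order, each setuid or setgid regular file not in ALLOWLIST.
unexpected_setuid() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, ":"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
        mode = $1
        # only regular files: skip directories, symlinks, device nodes
        if (substr(mode, 1, 1) != "-") next
        # owner-exec slot (4) carries setuid, group-exec slot (7) carries setgid;
        # lower-case s = bit set with exec, upper-case S = bit set without exec
        u = substr(mode, 4, 1); g = substr(mode, 7, 1)
        if (u == "s" || u == "S" || g == "s" || g == "S") {
            path = $NF
            if (!(path in ok)) print path
        }
    }'
}

# count_unexpected ALLOWLIST  <  listing : number of flagged files
count_unexpected() {
    unexpected_setuid "$1" | awk 'END { print NR }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | unexpected_setuid "$ALLOWLIST"
```

The symlink and directory lines in the sample show that only regular files are considered; a baseline listing taken right after flashing a ROM is the natural allowlist to compare against later.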

  21. Obligatory by Anonymous Coward · · Score: 0

    Another trojan/virus for Android? Gotta catch'em all!

  22. This is big news: by jxander · · Score: 1

    People are still playing Pokemon Go?!

    --
    This signature is false.