Because not everyone can play the highly anticipated Pokémon GO just yet, Pinoy Pokémon Master-aspirants resorted to downloading an APK version of the app. But be warned! Your phone might be infected.
A malicious version of Pokémon Go is infecting Android phones according to security firm Proofpoint. This particular version of the app installs a backdoor granting full control of the Android phone to hackers through a malicious remote access tool (RAT) called DroidJack.
Proofpoint reports, on its website, that the malicious version was released 72 hours after the game was rolled out in Australia and New Zealand. So, how to tell if you have the infected version on your Android?
Well, if you’re using an APK-installed app, there’s a big chance you might have the malicious version. If you had to disable Android security to allow “side-loading” the game, your phone might be at risk.
To make sure, check the app permissions. Here’s how the legitimate version looks like:
The compromised version looks like this:
According to Proofpoint, users can also check the app’s SHA-1 hashes – a long group of characters that verifies whether a file is modified.
“The legitimate application that has been often linked to by media outlets has a hash of8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67, although it is possible that there are updated versions already released. The malicious APK that we analysed has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4”
Servers have been blocked in the Philippines a couple of days after the release of the game, but as of the moment, there are reports on social media claiming servers are up again.
Have you installed an APK version of the app? Have you verified if it’s safe? Let us know!