Dangers of the pokemon go backdoor.

pokemon go

Pokemon Go is a smartphone game where you can capture “real” pokemons in your surroundings linked to google maps and virtual reality trough your camera app.

pokemongo2

This post is not about warnings of playing pokemon Go. Even though there are some sincere and justified safety warnings about it (injuries, car crashes). In my opinion it is also an excellent excuse for a burglar that he was just looking for pokemon while walking on your property.

It became so intensely popular that everybody wants it on a smartphone asap even when the official app is not yet available in there country yet. And this is the problem which I would like to highlight.

Iphone users are pretty safe for malicious software. Most people make another apple id for the US, Australia, New Zealand or from Germany and then install it.

Android users however are advised to install the .apk from doubtful recourses. This is called side loading.  There are versions of the apk (android install file) with a back door. It means that people with bad intentions can get full access to your phone. Most people who play the infected game do not notice a thing.

You can see if you have the infected version because of the permissions the game is asking from you. To see if you have the false version check the app permissions and see if it asks for: Record audio, Modify your contacts, Change network connectivity, view wifi connections and retrieve running apps.

More details, screenshots of the permissions and the hash of the good and the infected apk you can find on our website here.

Thanks to proofpoint for details.

Hope that you will share this with your network to limit a possible security threat of a relatively innocent game and prevent it from becoming a living nightmare.

securitysec2

Check the SHA256 hash of the downloaded APK. The legitimate application Good hash 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67, although it is possible that there are updated versions already released. Malicious APK that we analyzed has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4