We have to ask how you’ll fare this weekend, the first full weekend of availability for Niantic Labs’ Pokémon Go! Prepared for long days walking from one side of the city to the other? Or are you memeing it up, pointing and laughing at the people who end up crossing town to catch that Flareon? Maybe you’re just sticking your fingers in your ears at this point.
Whatever the case, if you even have the slightest interest in downloading Pokémon Go, make sure you get the .APK from a safe place, especially if your country hasn’t seen the release yet. Yep, we’re talking about you sideloaders out there.
Proofpoint researchers found a modified version of the APK on a third-party file server yesterday. It carries DroidJack, a remote access tool (that’s Meowt-I mean, RAT to you) that gives attackers an easy door into your file system.
So, what do? An easy way to make sure you’re getting the goods is to check the SHA256 hash on the .apk (again, if you’re sideloading this pocket monster). You should be getting:
And, at this point, not:
Also, look at the pre-installation permission prompts. The official app will ask permission to record audio, directly call phone numbers, modify your contacts and edit, send, receive and read SMS or MMS messages. The malicious app will ask to read your Web bookmarks and history, change network connectivity, connect and disconnect from Wi-Fi, retrieve running apps and, most tellingly, run at startup. Big red flag there.
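Both checks above (the SHA256 hash and the permission list) can be scripted rather than eyeballed. The example below is added here and is not code from the original post, Proofpoint or Niantic. It assumes you have the published hash of the official build to paste in (this page does not reproduce it, so a placeholder stands in for it) and that the permission list comes from the Android SDK command `aapt dump permissions <apk>`. The baseline permission set and the sample `aapt` output are constructed for illustration; the sample's extra entries are the permission classes the post attributes to the malicious build, mapped onto Android permission constants as an assumption, and the baseline is not the real permission list of the official app.

```python
"""Two checks for a sideloaded APK (added example, not from the original post):
1. SHA-256 of the file against the hash published for the official build.
2. Permissions requested by the APK against a known-good baseline, read from
   the output of `aapt dump permissions <apk>` (Android SDK build-tools)."""
import hashlib
import hmac
import re


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so a large APK does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_matches(path, expected_hex):
    """Case-insensitive, constant-time comparison against the published hash."""
    actual = sha256_of_file(path).lower()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


# aapt prints either  uses-permission: name='android.permission.X'  (newer builds)
# or                  uses-permission: android.permission.X          (older builds)
_PERM_LINE = re.compile(r"^uses-permission(?:-sdk-23)?:\s*(?:name=')?([\w.]+)'?")


def parse_aapt_permissions(dump_text):
    """Return the set of permission names found in `aapt dump permissions` output."""
    found = set()
    for line in dump_text.splitlines():
        match = _PERM_LINE.match(line.strip())
        if match:
            found.add(match.group(1))
    return found


def unexpected_permissions(requested, baseline):
    """Permissions the APK asks for that the known-good build does not."""
    return sorted(requested - baseline)


# Constructed baseline for illustration only; it is NOT the real permission
# list of the official app. Build yours from a known-good APK with the same
# aapt command and keep it alongside the published hash.
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}

# Constructed aapt output for a trojanised build. The extra entries are the
# permission classes the post describes (bookmarks/history, network and Wi-Fi
# state, running apps, run at boot); the mapping to constants is an assumption.
SAMPLE_DUMP = """\
package: com.example.sideloaded
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='com.android.browser.permission.READ_HISTORY_BOOKMARKS'
uses-permission: name='android.permission.CHANGE_NETWORK_STATE'
uses-permission: name='android.permission.CHANGE_WIFI_STATE'
uses-permission: name='android.permission.GET_TASKS'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""


def check_sample_dump():
    """Run the permission diff over the constructed dump above."""
    return unexpected_permissions(parse_aapt_permissions(SAMPLE_DUMP), BASELINE)


if __name__ == "__main__":
    import sys
    # usage: python apk_check.py <file.apk> <published-sha256> [aapt-dump.txt]
    # <published-sha256> is a placeholder: paste the value published for the
    # official build, which this example does not carry.
    apk, published = sys.argv[1], sys.argv[2]
    print("hash ok" if hash_matches(apk, published) else "HASH MISMATCH: do not install")
    if len(sys.argv) > 3:
        with open(sys.argv[3]) as fh:
            extra = unexpected_permissions(parse_aapt_permissions(fh.read()), BASELINE)
        print("unexpected permissions:", extra or "none")
```

A hash mismatch alone is enough reason to stop; the permission diff is the second line of defence for a build whose hash you cannot find published, and any entry it reports that you cannot explain from the app's stated functionality (run at startup, list running apps) is the red flag the post describes.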
If you end up installing it, you probably wouldn’t notice anything wrong until you realized the app was talking to a command-and-control domain in Turkey.
Be safe and catch ’em all!