
Total Tech Care Blog


Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it - a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect are simply a closet full of potato electrodes, given the frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans tried to download the APK file and “side-load” it onto their devices - a major no-no for any security-minded mobile device user. Side-loading requires you to allow app installation from unknown sources, which is frowned upon because some of those apps contain malware or request unnecessary permissions. Yet those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allows remote access to the device and can provide full control over the victim’s phone. In worst-case scenarios, the risk extends to the rest of any network that the device is connected to: security firm Proofpoint suggests that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission requests, and see for yourself just how strange they look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.
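The permission check described above can be automated before an APK is allowed onto a device. The following is an added example, not code from this post or from Proofpoint: it assumes the text output of `aapt dump permissions <apk>` as input, and the package names and permission lists in the samples are constructed, not taken from the DroidJack-infected APK.

```python
import re

# Permission groups the article says a game has almost no reason to hold.
RISKY_FOR_A_GAME = {
    "text messages": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "phone calls": {"CALL_PHONE"},
    "modify contacts": {"WRITE_CONTACTS"},
    "record audio": {"RECORD_AUDIO"},
}

# Matches both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)'?")
PREFIX = "android.permission."

def requested_permissions(aapt_output):
    """Return the short names of the platform permissions an APK requests."""
    perms = set()
    for line in aapt_output.splitlines():
        match = PERM_LINE.match(line.strip())
        if match and match.group(1).startswith(PREFIX):
            perms.add(match.group(1)[len(PREFIX):])
    return perms

def flag_game_permissions(aapt_output):
    """Map each risky category to the requested permissions that fall in it."""
    perms = requested_permissions(aapt_output)
    return {label: sorted(perms & names)
            for label, names in RISKY_FOR_A_GAME.items() if perms & names}

# Constructed sample: a side-loaded "game" asking for far more than it needs.
SAMPLE_SUSPECT = """package: com.example.monstergame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.WRITE_CONTACTS'
uses-permission: name='android.permission.RECORD_AUDIO'
"""

# Constructed sample in the older aapt output style, with only game-like requests.
SAMPLE_PLAIN = """package: com.example.monstergame
uses-permission: android.permission.INTERNET
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for label, perms in flag_game_permissions(SAMPLE_SUSPECT).items():
        print(f"unexpected for a game ({label}): {', '.join(perms)}")
```

An empty result only means none of these four categories were requested; it does not show that an APK from an unknown source is safe.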

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

 
