
Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it - a title called Pokemon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokemon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit the game's popularity with a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokemon Go gamers suspect are simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices - a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allows remote access to the device and can provide full control over the victim’s phone. In worst-case scenarios, the exposure extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission requests, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.
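The permission review described above can be automated before a sideloaded file ever reaches a device. The following is an added example, not code from the original post or from Proofpoint: it parses the text printed by Android's `aapt dump permissions` and flags the capabilities this article calls out. The package name, sample output and baseline set are constructed for illustration.

```python
import re

# Matches both aapt output styles:
#   uses-permission: android.permission.INTERNET
#   uses-permission: name='android.permission.INTERNET'
PERM_LINE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)")

# Capabilities the article says a game has almost no reason to hold.
RISKY = {
    "android.permission.READ_SMS": "text messages",
    "android.permission.SEND_SMS": "text messages",
    "android.permission.RECEIVE_SMS": "text messages",
    "android.permission.CALL_PHONE": "phone calls",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
    "android.permission.RECORD_AUDIO": "audio recording",
}

# Constructed sample of `aapt dump permissions suspect.apk` output.
SAMPLE_AAPT_OUTPUT = """\
package: com.example.monstergame
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.WRITE_CONTACTS'
uses-permission: android.permission.RECORD_AUDIO
"""

# Constructed baseline: what a reviewer expects a location-based camera game to need.
BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.CAMERA",
}

def requested_permissions(aapt_output):
    """Return the set of permission names declared in aapt's text output."""
    return {m.group(1) for line in aapt_output.splitlines()
            if (m := PERM_LINE.match(line.strip()))}

def audit(aapt_output, baseline):
    """Return (risky permissions grouped by capability, permissions outside the baseline)."""
    perms = requested_permissions(aapt_output)
    flagged = {}
    for perm in sorted(perms):
        if perm in RISKY:
            flagged.setdefault(RISKY[perm], []).append(perm)
    return flagged, sorted(perms - set(baseline))
```

Calling `audit(SAMPLE_AAPT_OUTPUT, BASELINE)` returns the flagged capabilities and every permission the file requests beyond the baseline; an empty result for both is the expected outcome for an unmodified game.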

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

 
