
Total Tech Care Blog

Download the Wrong App and Have More Than Pokémon Fever Infect Your Device

There’s a new augmented reality game on the market these days. Perhaps you’ve heard of it: a title called Pokémon Go, which lets you capture virtual monsters that “appear” on your smartphone’s camera. However, hackers have seized this opportunity to infect players’ mobile devices with a backdoor called DroidJack, which uses the mobile app’s immense popularity to its advantage.

As one of Nintendo’s most popular gaming franchises, it shouldn’t come as a surprise that Pokémon Go has experienced such a warm reception amongst both new and old fans of the series. It’s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo’s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.

Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many Pokémon Go gamers suspect are simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.

Thus, impatient fans made attempts to download the APK file and “side-load” it onto their devices, a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon because some apps contain malware or request unnecessary permissions. Yet, those who wanted to play the game didn’t think for one second that what they were really downloading was a backdoor into their devices.

Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allows remote access to the device, and can provide full control over the victim’s phone. In worst-case scenarios, this risk extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission requests, and see for yourself just how strange they look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren’t giving your apps too many permissions. There’s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn’t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.
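The permission check described above can be automated before an app is allowed onto a managed device. The following is an added example, not part of the original post: it assumes the APK's manifest has already been decoded to plain XML (for instance with apktool), and the sample manifest, the baseline set and the function names are constructed for illustration. It goes one step beyond the text by also listing permissions that are missing from a known-good baseline.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capabilities the article says a game has almost no reason to hold.
RISKY_FOR_GAME = {
    "text messages": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"},
    "phone calls": {P + "CALL_PHONE"},
    "contacts": {P + "READ_CONTACTS", P + "WRITE_CONTACTS"},
    "audio recording": {P + "RECORD_AUDIO"},
}

# Constructed sample inputs (assumptions, not taken from any real app).
SAMPLE_BASELINE = {P + "INTERNET", P + "CAMERA", P + "ACCESS_FINE_LOCATION"}
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.WRITE_CONTACTS"/>
  <uses-permission-sdk-23 android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, baseline=frozenset()):
    """Group risky permissions by capability and list extras vs. baseline."""
    requested = requested_permissions(manifest_xml)
    flagged = {cat: sorted(requested & perms)
               for cat, perms in RISKY_FOR_GAME.items() if requested & perms}
    return {"flagged": flagged,
            "not_in_baseline": sorted(requested - set(baseline))}

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST, SAMPLE_BASELINE)
    for category, perms in report["flagged"].items():
        print(f"unexpected for a game ({category}): {', '.join(perms)}")
    print("not in baseline:", ", ".join(report["not_in_baseline"]))
```
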

You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It’s important that you only download apps from reputable sources, like the Apple Store and the Google Play store.

After all, “Gotta catch ‘em all,” shouldn’t refer to malware infections.

 
