{"id":8209,"date":"2016-08-05T13:59:26","date_gmt":"2016-08-05T13:59:26","guid":{"rendered":"http:\/\/localhost\/datcomWP\/?p=8209"},"modified":"2016-08-05T13:59:26","modified_gmt":"2016-08-05T13:59:26","slug":"download-the-wrong-app-and-have-more-than-pokemon-fever-infect-your-device","status":"publish","type":"post","link":"https:\/\/staging.datcomllc.com\/index.php\/2016\/08\/05\/download-the-wrong-app-and-have-more-than-pokemon-fever-infect-your-device\/","title":{"rendered":"Download the Wrong App and Have More Than Pok\u00e9mon Fever Infect Your Device"},"content":{"rendered":"<p>There\u2019s a new augmented reality game on the market these days. Perhaps you\u2019ve heard of it &#8211; a title called <em>Pokemon Go<\/em>, which lets you capture virtual monsters that \u201cappear\u201d on your smartphone\u2019s camera. However, hackers have seized this opportunity to infect players\u2019 mobile devices with a backdoor called DroidJack, which uses the mobile app\u2019s immense popularity to its advantage.<\/p>\n<p><!--more--><\/p>\n<p>As one of Nintendo\u2019s most popular gaming franchises, it shouldn\u2019t come as a surprise that <em>Pokemon Go<\/em> has experienced such a warm reception amongst both new and old fans of the series. It\u2019s ranked as the #1 most downloaded app on both the Apple Store and Google Play store, and was so wildly successful that Nintendo\u2019s stock surged following its release. With over 75 million users worldwide, it has more users than some of the most popular smartphone apps, including Tinder, Twitter, and Google Maps.<\/p>\n<p>Of course, hackers have to ruin the most popular of things, and they made an attempt to exploit this in the form of a malicious APK (Android application package). The game experienced a soft release, probably in order to ensure that the servers (which many <em>Pokemon Go<\/em> gamers suspect is simply a closet full of potato electrodes due to frequent crashes) could handle the traffic volume, which left many countries around the world without access to the game at first.<\/p>\n<p>Thus, impatient fans made attempts to download the APK file and \u201cside-load\u201d it onto their devices &#8211; a major no-no for any security-minded mobile device user. Basically, you have to allow app installation from unknown sources, which is frowned upon due to some apps containing malware, or unnecessary permissions. Yet, those who wanted to play the game didn\u2019t think for one second that what they were really downloading was a backdoor into their devices.<\/p>\n<p>Due to the exclusivity of the application in the days before its release, many users outside of a select few countries chose to download the APK from an unknown source and just rolled with it. Today, the app is available in many countries, but a modified APK that was released online prior to the official release allowed remote access to the device, and can provide full control over the victim\u2019s phone. In worst-case scenarios, this vulnerability extends to the rest of any network that the device is connected to. Security firm Proofpoint suggests that it\u2019s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.<\/p>\n<p>Take a look at the DroidJack-infected app\u2019s permission request, and see for yourself just how strange they might look.<\/p>\n<p><a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/users_content\/10\/pokemon-fig2.png\">https:\/\/www.proofpoint.com\/sites\/default\/files\/users_content\/10\/pokemon-fig2.png<\/a><br \/>\n<a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/users_content\/10\/pokemon-fig3.png\">https:\/\/www.proofpoint.com\/sites\/default\/files\/users_content\/10\/pokemon-fig3.png<\/a><\/p>\n<p>This is a valuable lesson to anyone who uses a smartphone: be careful of what apps you download, and ensure that you aren\u2019t giving your apps too many permissions. There\u2019s almost no reason that a game of any kind should be able to access your text messages, make phone calls, modify your contacts, record audio, or anything else of the sort. Exploitation of the APK hasn\u2019t necessarily been observed in the wild, but a development such as this, where hackers use popular apps to spread their infections, sets a dangerous precedent that cannot be ignored.<\/p>\n<p>You should never install apps from unknown sources in the first place, especially on company devices and smartphones. It\u2019s especially important that you only download apps from reputable sources, like the Apple store and the Google Play store.<\/p>\n<p>After all, \u201cGotta catch \u2018em all,\u201d shouldn\u2019t refer to malware infections.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s a new augmented reality game on the market these days. Perhaps you\u2019ve heard of it &#8211; a title called Pokemon Go, which lets you capture virtual monsters that \u201cappear\u201d on your smartphone\u2019s camera. However, hackers have seized this opportunity to infect players\u2019 mobile devices with a backdoor called DroidJack, which uses the mobile app\u2019s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8215,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":""},"categories":[12],"tags":[95,15,73],"_links":{"self":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/posts\/8209"}],"collection":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/comments?post=8209"}],"version-history":[{"count":0,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/posts\/8209\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/media?parent=8209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/categories?post=8209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.datcomllc.com\/index.php\/wp-json\/wp\/v2\/tags?post=8209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}