Pokémon GO is proving massively popular and has become the latest target for groups trying to get malware onto your Android device.
The draw of getting Pokémon GO on devices, in countries where the app isn’t available yet, has lead to some players sharing the app’s APK files. Along the way, someone inserted unwanted changes in the form of malware.
Security firm Proofpoint picked up on the mutated version of the app 72 hours after the Australia and New Zealand release. They noted that the malware ridden version of Pokémon GO includes software known as DroidJack. DroidJack allows the creators of the malicious APK files a backdoor into your Android device.
In a blog post by Proofpoint they detail how to spot whether your device has become infected with the malware. One of the more worrying and obvious flags is that the app requests and is granted escalated permissions including; recording audio, reading call logs, contacts and your web history and bookmarks. To check your device head into Settings>Apps and select Pokémon GO. In the screen that follows, you can see all the permissions the app has.
Proofpoint also provided images highlighting the permissions granted to the legitimate and malware infected versions.
So while it might be tempting to side-load the Pokémon GO app on your Android due to it being unavailable in your country, it could give you more than you expected.
Pokémon GO is available to download as a free app now in the US, Australia and New Zealand for iOS and Android, other countries will follow when Niantic Labs stabalise the servers and cope with player load.