New Delhi: The world is going gaga over an augmented reality game that lets you catch famous Pokemon characters from the popular Japanese cartoon series. But in the frenzy of 'catching 'em all', a malicious version of 'Pokemon Go' is putting Android devices at risk.
The version of the app is being installed via backdoors in countries where the original app by Niantic Labs is yet to be officially launched.
But a security firm has found that the Android application file (APK) has been modified to allow attackers 'full control' over a victim's phone.
In a detailed blog posted by Proof Point, the security company explains that the software has been altered to include DroidJack which is a malicious remote access tool.
The game has been officially rolled out in Australia, New Zealand, and the US. However, due to the game's instant popularity and Android's open source nature, fans have been able to download the files onto any device running Android 4.4 operating system.
In order to install the malicious version, users are asked to 'side-load' the application, thereby bypassing the device's security settings.
Proof Point notes that it is an extremely risky practice and can easily lead users into installing malicious apps onto their devices. They security firm has warned that if a user downloads an APK from a third party which is infected by backdoor, similar to DroidJack, then the device could easily be compromised.
For those who want to ensure they are not installing the wrong version could check their app settings and the permissions provided.
Comments
0 comment