Since 2015, thousands of aspiring Pokémon trainers have been waiting for the release of Pokémon GO, the augmented reality game that will allow players to catch hidden Pokémon’s in the real world and conquer “gyms” through the internet, traveling both physically as well as within the app itself.
For the first time, we will be able to experience what it feels like to walk through a meadow and meet a Nidoran, or find a Gengar in a cemetery, or spot a Magneton near a modern building, all of them in the wild and waiting to be caught and trained.
Niantic Inc., the game’s developer, with the support of Nintendo and The Pokémon Company, has so far only made it freely available to users in the US, Australia and New Zealand. The rest of the world will unfortunately have to wait for a global release date, which is expected to be sooner rather than later.
However, this hasn’t stopped fans of Pokémon from getting access to the game. Many have resorted to downloading the Pokémon GO APK from a link available via online forums and Facebook groups.
This is problematic. As excited as you may be in getting your hand on the game early, bypassing traditional routes is not without its shortcomings. You have to always remember that downloading apps from nonofficial repositories – such as Google Play and the App Store – entails security risks.
This game is no exception, as researchers recently revealed. In their blog, they explained that they have discovered modified versions of the app that installs malware in order to spy on users and the content of their devices: “This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone.”
This malicious Pokémon GO APK is detected by ESET as a variant of Android/Spy.Kasandra.B.
The danger of following any piece of advice
You were probably surprised, just like us, to hear that many well-known and trusted media outlets have recommended evading the security provided by official stores by enabling application downloads from unknown sources and downloading the APK from third parties. This is not the kind of advice that a security expert would give.
Regardless of who the developer is, it is important to highlight that downloads from external sourcesare never a good idea because the apps have not go through the usual security controls.
These apps are often modified to include malware or remote access tools that allow anyone with malicious intentions to gain control over a victim’s device.
Cybercriminals will certainly take advantage of gamers who simply can’t wait to download the official Pokémon GO app in their region, and will hide their threats in apparently harmless archives.
Don’t fall into this trap. Instead, we recommend you wait for the official game to launch in your country. It’ll be hard, but it’s the safer option.
Meanwhile, keep your security software on your mobile device always updated; read reviews from people who have already installed the application you’re about to download; and pay careful attention to the permissions requested during installation.
Don’t forget – physical and digital – security
With regard to digital security, as stated above, always choose official sources and read the terms and privacy policies before installing the application. The game will try to collect different kinds of data from gamers, such as their Google account information, their GPS location and travel histories, as well their email addresses.
The often-collapsed servers (with only three countries playing officially) show how massive the Pokémon GO app will be when it starts to expand. The game has already captured the imaginationof those who have started to play it.
Many are transfixed, walking down the street with eyes fixed on their screens as they look for Pokémon’s, trespassing, standing in front of churches, police stations, hospitals or private homes where they have found something interesting.
Naturally, you should make sure not to walk into dangerous places, not to have your smartphone stolen, and to always carry a portable charger – this app consumes quite a lot of battery!
Such is the concern over gamers, that a police force in northern Australia has issued a warning:
And of course it isn’t. You’ll have your own when it’s time.
by Sabrina Pagnotta, ESET We Live Security