Security Alerts & News
by Tymoteusz A. Góral

#1110 DroidJack uses side-load. It's super effective! Backdoored Pokemon GO Android app found
Pokemon GO is the first Pokemon game sanctioned by Nintendo for iOS and Android devices. The augmented reality game was first released in Australia and New Zealand on July 4th and users in other regions quickly clamored for versions for their devices. It was released on July 6th in the US, but the rest of the world will remain tempted to find a copy outside legitimate channels. To that end, a number of publications have provided tutorials for "side-loading" the application on Android. However, as with any apps installed outside of official app stores, users may get more than they bargained for.

In this case, Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO [1]. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim’s phone. The DroidJack RAT has been described in the past, including by Symantec [2] and Kaspersky [3]. Although we have not observed this malicious APK in the wild, it was uploaded to a malicious file repository service at 09:19:27 UTC on July 7, 2016, less than 72 hours after the game was officially released in New Zealand and Australia.

Likely due to the fact that the game had not been officially released globally at the same time, many gamers wishing to access the game before it was released in their region resorted to downloading the APK from third parties. Additionally, many large media outlets provided instructions on how to download the game from a third party [4,5,6]. Some even went further and described how to install the APK downloaded from a third party [7]:

“To install an APK directly you'll first have to tell your Android device to accept side-loaded apps. This can usually be done by visiting Settings, clicking into the Security area, and then enabling the "unknown sources" checkbox.”