The world around me has become a frenzy of augmented reality Pokémon trainers, with millions of people trying to “catch them all” in their local environment. The long-awaited addition to the Pokémon series has brought budding trainers off their sofas and onto the streets, tugging hard on the nostalgic heartstrings of adults who thought their Pokémon-catching addiction was long dead.

Niantic, developers of Pokémon Go and of its forerunner, the portal-capturing alien-battle game Ingress, are enjoying the currently unparalleled success of their augmented reality game. Ingress, while relatively popular, never achieved the global success of Pokémon Go. It’s almost like brand recognition is really helpful!

Success is not without sorrow, however. Niantic seems to have neglected to learn from the tumultuous early days of Ingress. Their success seems to have come as a surprise, and despite adding roughly $9 billion to Nintendo’s market cap, big questions remain.

These are not questions like “how to lure Charizard into your living room” or “why is there only Doduo in my city?” but more serious issues, such as widespread reports of Android malware spreading through repackaged Pokémon Go APKs, as well as reports of people being robbed of their extremely expensive smartphones after straying too far from their usual haunts.

Let’s take a look.

Malicious Pokémon Go APK

Pokémon brings back some damn strong memories for me. For many years I played Red and Blue obsessively, watched many of the television series, and proudly hung on my wall the coolest poster of the first 150 Pokémon. But this is different.

[Image: First 151 Pokémon]

Many people with similar Pokémon backgrounds, who long ago gave up on their more illustrious gaming desires, have found the pull of the release too strong to resist. However, Niantic region-locked Pokémon Go, meaning those outside the US, Australia, or New Zealand were supposed to be unable to play until the official versions hit their app stores.

Of course, that was unlikely to work, and it didn’t. While the app didn’t show up on the Google Play Store or the UK App Store, users quickly realized that the lock was easy to get around. Numerous Pokémon Go APKs (Android application packages) have been uploaded to a huge number of APK repositories, so many that Googling “APK” only returns links for Pokémon Go.

[Image: Chrome search results for “APK”]

Unfortunately, hackers saw this as a great opportunity to distribute APKs containing some serious malware, aimed at users who simply couldn’t wait for the official release date in their region.

Once downloaded to an unsuspecting user’s device, the malicious code runs as soon as the APK is unpacked, and you find you have caught something completely different.

You caught a rat!

And not a Rattata. No, it’s a Remote Access Tool (RAT) named DroidJack, discovered by researchers at Proofpoint. Also known as SandroRAT, this Android malware has previously been described by Symantec and Kaspersky, and it gives the attacker remote access to the entire Android device on which the malicious APK is installed. Proofpoint has offered two methods to check whether your Android device has been infected:

  1. Check the SHA256 hash of the downloaded APK. The hash of the legitimate Pokémon Go APK should be 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67. The hash of the malicious APK detected by Proofpoint is 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4.
  2. On your Android device, go to Settings > Apps > Pokémon Go and then to Permissions. The images below show the permissions required by the legitimate Pokémon Go APK and the additional permissions granted to the malicious APK.

These are the legitimate Pokémon Go permissions:

[Image: permissions of the legitimate Pokémon Go app]

And this is the first page of the malicious Pokémon Go permissions:

[Image: permissions of the malicious Pokémon Go app, page 1]

And the second:

[Image: permissions of the malicious Pokémon Go app, page 2]

If you have been infected, uninstall the app immediately and remove the malicious APK. Go to the Google Play Store, download Avast Mobile Security and scan your device. Then go back to the Play Store and download Malwarebytes Anti-Malware, scanning your device again.

Remove any malicious content found in any scan.

If you are diligent about backing up your Android device, you might have an entire system image to restore. If so, this is another great way to kill malware.

Checking your SHA256 hash

For Windows users, there is an easy option that does not require any download or any installation.

Open an elevated command prompt. Use the following command to create a hash:

  certUtil -hashfile insertfilepathhere [HashAlgorithm]

You can choose the hash algorithm MD2, MD4, MD5, SHA1, SHA256, SHA384 or SHA512. In this case, use the SHA256 option.

Once generated, check the hash of the APK against the hash provided by Proofpoint.
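
The comparison in the step above, as an added example (not part of the original article or Proofpoint's report): a Python script that hashes an APK directly, or takes pasted certUtil output, and compares the digest with the two values quoted earlier. The function names and the script name check_apk.py are illustrative.

```python
import hashlib
import re
import sys

# The two SHA256 values quoted above from Proofpoint.
LEGITIMATE = "8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67"
DROIDJACK = "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so a large APK is never read whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def digest_from_certutil(output):
    """Extract the digest from pasted certUtil -hashfile output.

    Some Windows releases print the digest as space-separated byte pairs,
    so whitespace is stripped before each line is tested.
    """
    for line in output.splitlines():
        candidate = re.sub(r"\s+", "", line).lower()
        if re.fullmatch(r"[0-9a-f]{64}", candidate):
            return candidate
    raise ValueError("no SHA256 digest found in certUtil output")


def classify(digest):
    """Return 'legitimate', 'droidjack' or 'unknown' for a hex digest.

    'unknown' does not mean safe: a differently repackaged APK, or a newer
    official build, has a hash that matches neither published value.
    """
    digest = digest.strip().lower()
    if digest == LEGITIMATE:
        return "legitimate"
    if digest == DROIDJACK:
        return "droidjack"
    return "unknown"


if __name__ == "__main__":
    # Usage: python check_apk.py path/to/file.apk [more.apk ...]
    for apk in sys.argv[1:]:
        print(apk, classify(sha256_file(apk)))
```

Treat an "unknown" result as a reason to fall back on the permissions check, not as a clean bill of health.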

Other Issues: iOS Permissions

The other issues are a mixed bag, but all of them are worrying. Perhaps the biggest has to do with the permissions of the Pokémon Go app, which, as it turns out, are alarmingly (but wrongly, please read the next section before you panic!) intrusive on iOS devices. While most applications require certain levels of permissions, the permissions Pokémon Go asks for seem to have stepped over the privacy frontier by asking for (and getting!) full access to the user’s Google account. This means that instead of the usual simple request for a name, email address, and in some cases, a location, Pokémon Go and Niantic can access Google Drive, personal Gmail accounts, phone content, and more, as well as send emails as the affected user.

Niantic made a statement to Gizmodo, stating:

“Recently, we discovered that the Pokémon Go account creation process on iOS is erroneously requesting full control permission for the user’s Google account. However, Pokémon GO only accesses basic Google profile information (in particular, your user ID and email address), and no other Google account information has been obtained or collected.

As soon as we became aware of this bug, we started working on a client-side fix to only request permission for basic Google profile information, according to the data we actually have access to. Google has confirmed that Pokémon GO or Niantic has not received any other information.

Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon GO needs, and users don’t need to take any action.”

It’s one of those double-edged moments: hopeful, but how did it happen? At least it will be fixed post-haste. Now read the next small section and feel happier.

Google tech support says…

Dan Guido, CEO of Trail of Bits, disputed the claim. Even though Niantic released their press statement announcing their investigation and apparent client-side fix, Guido believes “the giant section of the blog post may be wrong.”

A development engineer at Slack checked the OAuth token provided by the service and found that it does not provide any additional data or access to private services associated with the user’s Google account.

Other Issues: Law Enforcement

Law enforcement officials were called in for a number of incidents, all of which were directly attributed to Pokémon Go. Most incidents involve a Pokémon trainer wandering to a secluded area to capture a Pokémon, only to be ambushed by thieves who make off with the smartphone.

Some reports say that thieves are actually using the Pokémon Go app itself to find Pokémon when they appear on the local map, head to that location, and lie in wait. Others claim people have wandered into areas they would normally avoid in hopes of catching particularly rare Pokémon, or simply monsters they don’t normally encounter.

These extremely unpleasant experiences were rare during the time I played Ingress, although a strange story came up from time to time. However, it was usually a factional scare rather than outsiders robbing players, or even outsiders using an app to track and monitor where people would stand with their shiny, shiny smartphones. However, a guy was waiting for me next to my car one night after I destroyed his home portals, but that’s another story.

A word of advice: please be sensible. These are fictional Pokémon you can live without. You can’t live without your life, and I’ve heard that violent robbery can shorten your lifespan considerably. Don’t mess around, don’t roam the roads staring at your Pokémon Go scanner without paying attention to the world around you, and don’t go hunting where you wouldn’t normally think of going. Pokémon cannot protect you in the real world.

Nice law enforcement

On the other hand, there have been some funny reports of cops stopping roaming players and then joining them on the hunt when they realize what’s going on. Remember that augmented reality games are still incredibly new for many, our law enforcement officers included. If you’re walking around a cemetery that is usually frequented by heroin dealers, expect to be questioned. Just be polite and explain what you are doing.

[Image: Police playing Pokémon Go]

DroidJack uses Sideload… It’s super effective!

By opening your Android device to unsigned and unverified APKs, you are potentially inviting malware. I’m not going to insult those users who happily download and use APKs outside of the Google Play Store by saying, “Don’t do this, you’re guaranteed to get malware all the time,” because that’s not the case.

However, I agree with Proofpoint that “this is an extremely risky practice that can easily lead users to install malicious applications on their own mobile devices … if a person downloads an APK from a third party that has been infected with a backdoor, such as the one we found, their device will be hacked.”

But users have a big responsibility to exercise due diligence before downloading and installing software from an untrusted source. Just as installing software distributed through warez sites was once considered the surest way to pick up a virus in days gone by, it really came down to your distributor. The same can be said about APK distribution sites.

Likewise, those sites that actively encourage users to download and install APKs from unknown sources should know better.

Avoid Team Rocket

Jessie and James of Team Rocket (and Meowth!) don’t actually appear in the game, but please be careful to avoid any sticky situations you might find yourself in. Simply put: it’s not worth the hassle.

You will get your turn to be the very best.

Have you turned to an unofficial Pokémon Go source? Did you run into any problems? Share your stories with us below!
