Sideloaders beware: a Pokemon Go knock-off contains malware

08.07.2016
The new smash-hit game "Pokemon Go" could become bait for hackers wanting to take over your phone.

Researchers at security firm Proofpoint have already found an Android version of the game containing malware. Once installed, it uses a remote access tool called DroidJack that can give a hacker full access to the phone, Proofpoint said Thursday.

The company hasn’t yet seen the infected game in the wild, but it shows that hackers are already hard at work targeting it. Proofpoint discovered the software in a malicious online file repository.

Pokemon Go is the first Pokemon game sanctioned by Nintendo for iOS and Android devices. It was launched earlier this week, but so far it's only officially available in the U.S., New Zealand and Australia, through the App Store and Google Play.

That means people in other countries who are keen to get their hands on it might resort to side-loading the game from third-party app stores -- opening the door to a potentially infected version.

“Just because you can get the latest software on your device does not mean that you should,” Proofpoint warned.

It said that the infected version uses the same startup screen as the original, making it harder to tell apart.

Hackers routinely build fake versions of popular games to infect phones. Hundreds of clones of "Flappy Bird" were offered, for example, and almost 80 percent of them contained malware, according to a 2014 report from Intel Security.

Michael Kan