How to Find out if your installed Pokémon GO APK has Malware

You may have heard the latest bit of news floating around about a virus that infects your phone alongside downloading a modified Pokémon GO APK. Here's how you can find out whether your phone is safe or not.

ONE Store Beta Now Available

You may or may not have heard the latest bit of news floating around about Pokémon GO- this time about a virus that infects your phone alongside downloading a modified Pokémon GO APK. Here’s how you can find out whether your phone is safe or not.

Sad Pikachu is sad because of all these issues with Pokémon GO

Sad Pikachu is sad because of all these issues with Pokémon GO

 

For context purposes, the issue started when US-based Cybersecurity Solutions firm, Proofpoint, discovered an APK modified version of the Pokémon GO app that included a malware remote access tool (RAT) kit called “DroidJack” (aka Andr/SandRAT), which which gives the attacker remote control over the infected phone (such as reading, sending, deleting SMS, read app notifications, etc.)

It’s worth noting that, for those of you who downloaded the Pokémon GO APK via the links we featured in our previous article, you can rest assured that those links were virus-free as per our testing. APKPure and APKMirror, the third-party APK hosting provider of the featured download links, have security and verification processes to ensure that their APKs are legimate, as stated in their Frequently Access Questions (FAQs).

APKMirror_PokemonGo_Verified

APKMirror

APKPure_Pokemon_Verified

APKPure

 

For those of you who want to check whether you have downloaded the malware or not, you can check the device permissions if it is the same as the original no-virus version. If it is, your phone is safe. If not, you have the modified Pokémon GO APK which is potentially unsafe.

 

First, view the app’s device permission details via Settings > Apps > Pokemon Go > Permissions

The permissions that should be there are Camera, Contacts, Location and Storage.

  • Camera for the Augmented Reality (AR) part of the game and getting the screenshots
  • Contacts to find accounts on the device since it uses Google accounts
  • Location for the device location and mapping services
  • Storage for storing game related files such as game saves, screenshots, etc

Screen Shot 2016-07-10 at 1.24.47 PM

Screen Shot 2016-07-10 at 1.25.01 PM

Screen Shot 2016-07-10 at 1.25.10 PM

Screen Shot 2016-07-10 at 1.25.15 PM

 

The official Pokémon GO Version 0.29.0 has the following devices permissions:

  • In-app purchases
  • Identity
    • Find accounts on the device
  • Contacts
    • Find accounts on the device
  • Location
    • Precise location (GPS and network-based)
    • Approximate location (network-based)
  • Photos/Media/Files
    • Modify or delete the contents of your USB storage
    • Read the contents of your USB storage
  • Storage
    • Modify or delete the contents of your USB storage
    • Read the contents of your USB storage
  • Camera
    • Take pictures and videos
  • Other
    • Receive data from Internet
    • Control vibration
    • Pair with Bluetooth devices
    • Access Bluetooth settings
    • Full network access
    • Use accounts on the device
    • View network connections
    • Prevent device from sleeping

*Source: Google Play

 

For the geekier way to check the digital signature of the file, check on SHA256 hash of the app, if it the same as the original. According to Proofpoint:

“The legitimate [Pokémon GO] application that has been often linked to by media outlets has a hash of 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67, although it is possible that there are updated versions already released. The malicious APK that we analyzed has a SHA256 hash of 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4.”

*Article link: http://bit.ly/29Z1oh1

 

If you discover that your installed APK is the modified one with malware (because the permissions are different from the ones above), we advise that you do the following steps :

  • Turn off WIFI or mobile internet
  • Force stop the app, go to Settings > Apps > Pokémon Go, click on ‘Force Stop’
  • To uninstall the app, on that same screen click on ‘Uninstall’ button
  • To make sure to start with a clean slate, format the phone and the SD Card (if applicable). Make sure you have backed-up the files of your phone before reformatting