By Courtney Theim
SecureWorld Media
If you're wondering why groups of people armed with smartphones are congregating around parks, churches, and grocery store parking lots, chances are it's not a club or protest.
A new app called Pokemon GO was released in the U.S. on July 6th, and it enables users to catch Pokemon in virtual reality within their own neighborhood. It works by integrating the game map with actual nearby streets and landmarks.
The game has spread like wildfire in the countries that it's available in, but the rest of the world is not willing to wait. Thousands of people around the world are rushing to third-party sites to join in on the action and download the app. The problem with this is that criminals are also rushing to third-party sites to trick users into infecting their devices.
Researchers at Proofpoint found a malicious version of the Android app that included the remote access tool (RAT) called DroidJack, which allows full access to the target's cell phone.
An article by The Guardian even outlines steps on how to "sideload" the app by downloading it from an Android app installer, or Android Package (APK). While the site does warn against using a third-party to install the app, stating it "can put your device at risk of being infected with malware," explicit directions are still given on how to change your phone's security settings to accept the download.
Proofpoint researchers show how to determine if your version of the app is compromised, but they also warn that "the potential exists for attackers to completely compromise a mobile device. If that device is brought onto a corporate network, networked resources are also at risk."
Even though it may sound tempting to download the app before it is officially released in your area, the consequences may not be worth the risk. Afterall, the Pokemon will still be waiting for you to catch them later.