Ethical Hacking Training Institute in Pune-India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan


The world appears to currently be divided into two groups, those playing Pokémon Go and those not indulging in the recently released augmented reality mobile game by Nintendo. The game is currently available in the U.S., Australia and New Zealand only, leaving many prospective Pokémon masters anxious to get the game by any means necessary. However, security researchers claims this may not be the best idea.

Last week, in a security talk we recommended users against unofficially installing Pokémon Go on Android devices by sideloading the APK (Android application package), due to the risk of downloading malware. According to security researcher, the threat has emerged in the form of a malware called “DroidJack,” a remote access tool (RAT) that would allow a malicious users to gain full control of an infected smartphone.

The main threat from sideloading applications onto a smartphone is that users must open certain security permissions to install the unofficial software. In particular, users must enable the “unknown sources” options, allowing the device to accept and install third-party software. With this option selected, it users may unintentionally install compromised software onto their devices with the Pokémon Go APK.

So far, the security researches claims  it has seen no public attacks through DroidJack. However, the code was discovered within a malicious file repository on July 7, shortly after Pokémon Goreleased in New Zealand and Australia.

How will I know if my Android smartphone is infected with DroidJack?

There are currently two ways to detect the DroidJack malware. Users can access the Pokémon Go permission by accessing Settings -> Apps -> Pokémon GO and checking within the Permissions setting whether the application has permissions that shouldn’t have been granted. We noted that permissions, such as “Google Play billing service” and “receive data from Internet” likely shouldn’t be granted for the official app; however, they may be on a  DroidJack infected device.

A more advanced method requires users compare the “SHA256 hash” secure algorithm to the unofficial APK to that of the official Pokémon Go APK.

What do I do if I my Android smartphone is infected with DroidJack?

At this point there does not appear to be a fix for the malware. Researchers claims the infected APK has not been spotted in the wild.

What you can do to protect your Android smartphone

Users that live outside of the three countries where Pokémon Go is currently available are most susceptible to having their devices infected. At this time, it is still recommended that users not sideload any third party, unofficial Pokémon Go applications before the game officially releases in their county.

www.extremehacking.org
Cyber Suraksha AbhiyanCEHv9, CHFI, ECSAv9, CAST, ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNECertified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-IndiaEthical Hacking Course in Pune-India