Don’t Get Poké-Punked!
With Pokémon Go hitting the streets… you know CyberCriminals are not going to be far behind!
The game’s rapid rollout and unparalleled success have their risks. Pokémon Go has immediately hit several security and privacy-related speed bumps, and not all of them are virtual…
In this game, players can meet in real life using the Pokéstop feature to do virtual battle. Police in several cities have already accumulated some scary stories – some people are using the popular game to lure other players to remote locations with the intention of robbing them (or worse!).
Google Login Permissions Problems
Many security researchers have been warning that the initial release of the Pokémon Go app has access to many more device permissions than it needs, which creates a possible privacy risk. Some information security experts have even been urging players to create “burner” Apple or Google accounts that are used only with this game.
Just 72 hours after the initial release of the Pokémon Go app, CyberCriminals had Trojanized a legitimate version of the free app to include malware; the modified app was released via unofficial, third-party app stores.
Researchers at the security firm Proofpoint stated in a blog post that the malicious Android app file “was modified to include the malicious remote access tool called DroidJack – also known as SandroRAT, which would virtually give an attacker full control over a victim’s phone.” Gaming websites have begun publishing instructions on how people can download the app, including using side-loading – evading Google’s official app store – to install it.
Proofpoint went on to state, “In the case of the compromised Pokémon Go APK we analyzed, the potential exists for attackers to completely compromise a mobile device. If that device is brought into a corporate network, networked resources are also at risk.”