Infected Pokemon GO APK Carries Dangerous Android Backdoor
An anonymous reader writes: Users eager to get their hands on the new Nintendo mobile gaming app Pokemon GO who download unofficial copies of the game are opening themselves up to hackers who are circulating malicious versions of the Android APK. A remote access tool (RAT), known as DroidJack (or SandroRAT), has been added to some APK files, allowing third parties to gain full control over the users' mobile devices. Permissions granted to the dodgy app include: directly calling phone numbers, reading phone status and identities, editing and reading text messages, sending SMS messages and recording audio. The problem is that Pokemon Go is not officially available in every region, and the Google PlayStore doesn't let people in an unsupported region download the app. Also, millions of smartphones and tablets don't support many Google Mobile Services (GMS). While we do not condone downloading installation files of Android apps and games from unofficial stores, APKMirror is one of the few places that we would suggest our readers check as it has a very commendable track record.
Re: (Score:3)
Lemmings was on the Amiga, you couldn't carry that with you!
Re:GOOD (Score:5, Funny)
lemmings was on everything.
Until they fell off and died a horrible death.
Re: (Score:2)
Btw, the whole lemmings going off a cliff thing was a Disney hoax. At least it led to a fun game.
Re: (Score:2)
so sick of hearing about this shit and seeing all the pictures of people's "cleverly" named whatever the fuck
I hope they all get exploited and the official version starts leading people off cliffs like lemmings
Jeebus man, sit down, have a relaxing drink and get a massage or something before you burst a blood vessel.
Re: (Score:1)
I work on a college campus I can't "just ignore it" because they're fucking bumping into people, wandering into offices
so yeah I'm a little fucking cranky about it. because it's bombarding and annoying on the internet AND in real life right now.
and the fucking parking lot today JESUS CHRIST
ACHIEVEMENT UNLOCKED! (Score:3)
Re: (Score:2)
about as good an article as "sketchy download may have malware"
Re: (Score:2)
because pokemon go!
Re:Shocker! (Score:5, Funny)
My first capture as MaliciousAPK, which I evolved into BotnetDevice and IdentityTheft! It's -10 defense, but gives me 16 additional WalledGardenTaunt per turn when facing an iOS opponent!
Re: (Score:3)
The news is "The problem is that Pokemon Go is not officially available in every region". Shocking that AAA game companies still don't get the single most important fact about selling games. Seriously, WTF?
Re:Shocker! (Score:4, Informative)
They're doing a phased rollout because the servers are frequently overwhelmed even with the few regions they're available in.
Re: (Score:2)
Just rent 3x the servers for launch week. There's a whole "cloud" of such servers available. But perhaps innovations from the past 10 years are too new for AAA games.
Re: (Score:1)
Are you also going to rent 3x the support staff for a week?
Or maybe they just don't like to run their brand new intellectual property on someone else's servers, without an airtight contract, liability for the cloud company, the possibility to audit the provider, etc, etc?
Re: (Score:2)
Are you also going to rent 3x the support staff for a week?
You're not going to have more support issues by provisioning adequate capacity.
Or maybe they just don't like to run their brand new intellectual property on someone else's servers, without an airtight contract, liability for the cloud company, the possibility to audit the provider, etc, etc?
Almost everyone new runs mostly on the cloud these days. Neither Amazon nor Microsoft is going to steal your IP. The whole point of the cloud is to make it trivial to provision large amounts of capacity, temporarily if needed.
ESP does not exist (Score:2)
Nintendo is rolling this out to scale, and scaling as they go. We used to call this smart and profitable tactics in business. Your instant gratification does not matter to a company that goes out of business spending money they don't have on resources.
Stop pretending you are smarter than everyone else and have great ESP. If you had great ESP you would not be posting on Slashdot. Or perhaps you would, but it would be smarter.
Re: (Score:2)
Customer satisfaction is an important goal for any company, but Nintendo especially. High server load for a game during "launch week" requires no ESP - it's entirely predictable. You don't want to build out to a scale that handles launch week load and keep paying for that forever - it can be triple your ongoing load.
If you have an "internal cloud", then you can do this all in your datacenter: provision a ton of capacity, then release it back to your pool for the next game to use. That can be economical.
Re: (Score:2)
Nintendo is fucking AWFUL at handling asymmetric demand & semi-intentionally uses it as a way to create artificial scarcity.
True story: I was ready to buy a Wii on release day. Except they sold out nationwide in about 5 minutes. The same thing happened about a month later when the next shipment arrived. The buzz wore off. Fast forward 6 months... upcoming holiday with plenty of time to play with my new toy... except they were sold out. Again. The last straw was when they were sold out... AGAIN... the ne
Re: (Score:2)
Shocking that AAA game companies still don't get the single most important fact about selling games.
Hollywood has opened AAA movies in China first and made more money than opening in the USA a week later. If that trend continues, Hollywood will make movies that satisfy Chinese audiences first and foremost. The USA will no longer be a trendsetter.
Re: (Score:2)
Like Kung Fu Panda?
https://www.theguardian.com/film/filmblog/2016/jun/14/hollywood-films-in-china-asia-market-warcraft-the-beginning [theguardian.com]
Re: (Score:2)
I'm surprised Hollywood hasn't started making AAA movies filmed with two different casts... one with Mandarin-speaking actors, and one English-speaking actors (but otherwise sharing plot, CGI, sets, costume design, etc). Kind of like how American studios license and remake popular shows from Britain, but doing it right from the start so that both variants of the movie can share in the other's economies of scale and production costs.
Why? Because dubbing sucks, and subtitles suck even more. Just because peopl
Re: (Score:2)
Because dubbing sucks, and subtitles suck even more.
I love Japanese anime because the dubbing and subtitles can vary widely in meaning. One character in "The Ghost in The Shell" describes the major as "tough broad" in audio but the subtitle says "dyke". Makes me wonder how Scarlett Johansson will play the major in the live action movie.
Re: (Score:2)
There is malware for iOS jailbreak devices that choose to side load apps. The main difference is Android lets you go to a menu to disable the security checks while iOS requires a jailbreak.
Re: (Score:3)
The main difference is Android lets you go to a menu to disable the security checks while iOS requires a jailbreak.
I stand corrected. Stupidity is optional but not mandatory on Android. ;)
Gotta catch'em all (Score:2)
Kids + geocaching: what could possibly go wrong?
Re: (Score:3)
Can't wait to see kids running around the slums, whore houses, drug dens, and all kinds of shitholes looking for stupid pokemons.
I've been amused by considering the special Pokemon you can only catch in the sewers, or on the grounds of a nuclear power station, or on a military base, or in a burning building, or on a construction site. But sure, crack houses are fun too.
Re: (Score:2)
Blinky FTW!
We already know (Score:4, Funny)
That apk and his infected host file is dangerous
And on iOS, you compromise your Google account (Score:3, Interesting)
Also worth mentioning that if you log in to the game via your Google Account under iOS, Niantic gets "full access" to your Google account.
Meaning that they can do things like:
1. Read your email.
2. Send email as you.
3. View photos you've uploaded.
4. View your Google+ Profile (OK, no one cares about this).
5. Delete documents from your Google Drive.
In fact, Google lists only three things it can't do: Change your password, delete your account, or authorize payments via Google Wallet. And that's it.
This doesn't apply under Android for some reason, it's limited solely to iOS.
Re: (Score:2)
Beats me, I haven't tried the app yet, I was basing my post on this Ars Technica article [arstechnica.com].
The comments are suggesting that this issue exists for some Android users as well, but not all.
But, yeah, apparently it skips the part where it asks for permissions (sometimes, always for iOS?) and just gives Niantic full control of your Google account.
Re: (Score:2)
Niantic, the creators, are an Alphabet company. They already have your info.
They *were* an Alphabet company. They were spun off in 2015.
Re: (Score:3)
No, they aren't, they're entirely independent of Google and have been for the past year. They aren't part of Alphabet. They have no reason to have "complete access" to your Google account, and clearly don't need it because they don't get it if you log in via Android.
Ugh, the "regions" thing again (Score:2)
First the movie studios and their region by region availability but now a video game? Is there some actual reason why a video game of all things isn't available just anywhere?
Re: (Score:2)
Books and records (now CDs) had probably had regional distribution rights before movies. (given that movies used to only be shown in theaters and not something an average person could purchase)
Re: (Score:2, Informative)
Server load.
Seriously: http://uk.businessinsider.com/pokemon-go-international-rollout-paused-2016-7 Pokemon Go has been vastly more successful than they had prepared for. Server crashes have been pretty frequent, even with the 'limited' release.
SandroRAT? (Score:3)
SandroRAT does sound like a Pokémon name. Seems legit.
Pokemon Bug Removes $7.5B From Nintendo Market Val (Score:2)
"Pokemon Bug Removes $7.5B From Nintendo Market Val"
FTFY :P
I'm in Canada and using an APK file (Score:5, Interesting)
I downloaded the APK from apkmirror which I trust: http://www.apkmirror.com/apk/n... [apkmirror.com].
Furthermore, I'm running Android Marshmallow and it allows you to grant or deny specific privileges to each app. This app asked for 4 permissions: contact list, camera, location and storage. This is how you know it's "authentic".
If it's asking for more than that (i.e. microphone), you've got a malware ridden copy.
Re: (Score:1)
For 0.29.0,
md5: 2580d2687af1ffaaec16ff3b48380f76
sha256: 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67
If you already installed it... (Score:1)
If you installed it from APK Mirror already, Proofpoint said that the SHA-256 for the one they believe to be clean is: 8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67
The infected one has a hash of: 15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4
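The two checks raised in the comments above (comparing an APK's SHA-256 with the values quoted from Proofpoint, and looking for permissions that match the backdoor's capabilities), as an added Python example that is not part of the thread. The mapping from the story's listed capabilities to Android permission names, the use of `aapt dump permissions` text as input, and the sample text are assumptions.

```python
import hashlib
import re
import sys

# SHA-256 values quoted in the comments above (attributed there to Proofpoint).
KNOWN_CLEAN = "8bf2b0865bef06906cd854492dece202482c04ce9c5e881e02d2b6235661ab67"
KNOWN_INFECTED = "15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4"

# Assumption: Android permission names for the capabilities the story lists
# (calling, phone state, reading/editing/sending SMS, recording audio).
SUSPECT = {"CALL_PHONE", "READ_PHONE_STATE", "READ_SMS", "WRITE_SMS",
           "SEND_SMS", "RECORD_AUDIO"}

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large APK is never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def classify_hash(digest):
    """Compare a digest with the two values from the thread."""
    d = digest.strip().lower()
    if d == KNOWN_INFECTED:
        return "infected"
    if d == KNOWN_CLEAN:
        return "clean-0.29.0"
    return "unknown"  # another build or another trojan: no verdict either way

def parse_permissions(aapt_text):
    """Names from `aapt dump permissions` text, with or without name='...'."""
    pat = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)", re.M)
    return {m.group(1) for m in pat.finditer(aapt_text)}

def suspect_permissions(aapt_text):
    """Requested permissions that match the backdoor's listed capabilities."""
    short = {p.rsplit(".", 1)[-1] for p in parse_permissions(aapt_text)}
    return sorted(short & SUSPECT)

# Constructed sample text, not taken from either real APK.
SAMPLE = """uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.SEND_SMS
"""

if __name__ == "__main__":
    for apk in sys.argv[1:]:
        print(apk, classify_hash(sha256_file(apk)))
```

An "unknown" result only means the file is neither of the two builds named in the thread, so the permission check still matters for it.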
Actual news for nerds (Score:3)
I'm not sure it gets any more "news for nerds" than this
So...how to detect? (Score:2)
OK, I know several people with android phones who've had to go to unusual lengths to get it running. I'm fortunate, in that I have an antiquated (?) S3, so it won't run anyway.
But what methods could they use to determine if they have this?
What is that (Score:1)
gotta catch 'em all? (Score:2)
Gonna catch something!
Why is this a story? (Score:1)