Sometimes aspiring Pokemon masters want that extra edge to their game and go looking for guides on how to play the game better. Looking in the Google Play Store may have led the players astray as one guide was secretly malware. Kaspersky was able to detect a trojan inside the app but said that multiple defenses made it difficult to reverse engineer to see how it fully works. One defense is that it delays any bad activity by two hours to try to thwart those who are trying to see what it can do. It also doesn’t do anything bad until it receives a response from the server that is calling the shots. Once it’s determined it’s a desirable victim, it downloads files to attempt to root the phone and then grant itself root access. The Play Store reports half a million installs but Kaspersky claims they have only confirmed 6,000 infections live right now. Luckily the worst thing the app has done so far is install its own ads to make money.
The hacker may continue to publish under other pseudonyms for the next big gaming craze that might hit app stores. It is also worrying that hackers are trying to implement anti-virtual machine technology, making it harder to create a testing environment that you can reset if things go wrong.
http://news.softpedia.com/news/rogue-pokemon-app-roots-and-hijacks-android-devices-508310.shtml
Ahmed A. Alkaysi says
I am actually surprised that only 6,000 infections are “live” even though the app has only a half million installs. It is very interesting and scary to hear that the malware is smart enough to not activate itself and do anything detrimental until it is “calling the shots” and 2 hrs have passed. One has to wonder what other malware is hidden in the android playstore.
Noah J Berson says
The 6,000 is the number they were able to record. The biggest android anti-virus apps probably don’t have that huge a base as many people don’t even consider it an issue on phones yet. This is probably what keeps their number low for detection. When malware is successful, imitators always spring up and try to follow them. There are already reports of similar apps from other developers in the Play Store. I think sleeping malware is an old technique as there are some famous viruses that don’t do anything until a specific date.
Wade Mackey says
We do not cover it in this class, but there is a whole discipline of reverse engineering malware. We will talk very briefly about some anti-forensics techniques in the second semester, but it is a technical subject that requires a lot of time and study. It also helps to have experience as an assembly language developer.
Wade
Mengxue Ni says
I played Pokemon Go for a while, and I downloaded another app that could help me to find the exact position and Pokemon. I think I read another article a couple of days ago; it also mentioned Pokemon Go was a major game that hackers used to spread malware. It is a very popular game now, and players all want to get better Pokemons. Therefore, a lot of them will ignore the danger of malware. It is really hard to protect us from this kind of attractions.
Noah J Berson says
There are a few ways to try to stay safe with apps so you can keep catching Pokemon (there are a lot around campus). Do not “sideload” apps onto your device and keep debug mode off. Don’t download apps that are fairly new as Google and Apple do catch them eventually. Deny permissions to apps that request extra access than what you know they should need. The safety added by antivirus on the phone is questionable but they may work too.
Mengqi He says
I also played Pokemon GO for some time. I was surprised by people’s craze on catching Pokemons. That may be why people downloaded the guide app. To me, the icon of the guide app looks simple, unsophisticated, and even a little suspect. It seems that it was developed by a small company. I usually don’t download apps with weird icons and user interfaces because it means danger. Although a sophisticated icon does not mean the app is safe, at least it means the company spends time to design the icon, while attackers usually don’t spend time on that. However, it is also true that attractive icons sometimes are traps to attract victims. Therefore, we have to be careful all the time.