Not offcially launched in Vietnam as well as many other countries, the wildly popular new game Pokémon GO can still be downloaded from unofficial sources on the Internet, from which fake apps appear and some cases have put user’s smartphone at risk. Taking a deep look into several of such apps, Bkav identified the malware capable of taking full control of Android devices.

Malware found in fake Pokémon GO apps is DroidJack (a Remote Access Tool malware), one of the most powerful and dangerous trojans on Android. This trojan owns many malicious features such as automatically installing any apps on victim smartphones as required by hackers, turning on camera, microphone to record video, mic, and all conversations and messages of device owners, etc, simultaneously sending stolen information to hackers. Analysing how the malware is inserted in the app, Bkav detected the C&C server of hackers was located in Turkey.

Expert Ta Duc Thien from Bkav shared the method to insert malware into fake apps as follows: “The crooks only need to download APK file of Pokémon GO app from the manufacturer, and insert malware into source code file of the software. This is quite simple by using tools popularly available online. Software injected with malware then is launched on the Internet under a name identical to “genuine” software, and can operate normally after being downloaded to smartphones. Therefore, users are unaware of being victims; even when their smartphones are controlled remotely”.

Bkav recommends users should not download and use fake Pokémon GO apps from unknown sources, only select from official app store when the manufacturer launches officially in Vietnam. Bkav has updated the sample of malware in fake Pokémon GO on Bkav Mobile Security; users can download to check their smartphones here.

Bkav