Next Generation Communications Community Powered by TMCnet
Service Provider Featured Article

Hackers Take Advantage of Pokemon Go Craze

August 01, 2016


By Special Guest
Kevin McNamee, Director, Nokia Threat Intelligence Lab

Pokémon Go has taken the world by storm since its early July launch, but from privacy invasions to new malware detections, security concerns are rising.

The game was initially released in only a few countries (the U.S., Australia and New Zealand), and a number of gaming websites provided instructions that allowed eager gamers in other countries to download the game from untrusted third-party sites and sideload it onto their Android phones.

This provided an unprecedented opportunity for hackers and it was only a matter of hours before the Nokia Threat Intelligence Lab detected copies of the game that had been injected with malware and made available for download from such third-party sites.

One sample of Pokémon Go was found to be infected with a remote access Trojan called “DroidJack,” which allows the attacker to track the mobile phone’s location, record calls, take pictures and steal information and files.

Source: Nokia Threat Intelligence Lab

To the user, it’s identical to the uninfected game, except the first time it’s run, it asks for permission to:

  • Access your contacts
  • Manage and make phone calls
  • Take pictures and record video
  • Access the device’s location
  • Access photos, media and files
  • Record audio

Fortunately, most mobile anti-virus products will detect this and prevent installation. Also, given the malware asks for an unusually large number of permissions, educated and aware users are likely to be tipped off to exercise caution.

Injecting the malware into the game is quite simple; the whole process takes less than 10 minutes. The hacker merely has to obtain a legitimate copy of the game and open the game package (APK file) using “apktool,” a standard part of an Android developer’s toolkit. This gives access to the game’s manifest, byte code, resources and assets.

The attacker then drops in the malware code, adjusts the manifest to include the malware components and makes a minor hack to the game’s byte code to run the malware when the game starts up. Apktool can then be used to rebuild the app, signed with a bogus digital certificate. Then the app is distributed to as many third-party app stores as possible.

Figure: Part of Pokémon Go manifest showing “DroidJack” injection.
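One way a defender can spot this kind of manifest tampering, as an added example that is not from the original article or from Nokia: diff the apktool-decoded AndroidManifest.xml of a suspect APK against a known-good copy and report the permissions and components that were added. Both manifests and every package and class name below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
NS_DECL = 'xmlns:android="http://schemas.android.com/apk/res/android"'
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample: decoded manifest of a known-good copy (hypothetical app).
REFERENCE_MANIFEST = f"""<manifest {NS_DECL} package="com.example.game">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""

# Constructed sample: the same app after extra permissions and components were added.
SUSPECT_MANIFEST = f"""<manifest {NS_DECL} package="com.example.game">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <application>
    <activity android:name="com.example.game.MainActivity"/>
    <service android:name="com.example.injected.Controller"/>
    <receiver android:name="com.example.injected.Connector"/>
  </application>
</manifest>"""

def manifest_facts(xml_text):
    """Return (permissions, components) declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    perms.discard(None)  # ignore malformed entries with no name attribute
    comps = set()
    for node in root.iter():
        if node.tag in COMPONENT_TAGS:
            name = node.get(ANDROID + "name", "")
            # Manifest shorthand ".Foo" means "<package>.Foo"; normalise before comparing.
            comps.add((node.tag, package + name if name.startswith(".") else name))
    return perms, comps

def diff_manifests(reference_xml, suspect_xml):
    ref_perms, ref_comps = manifest_facts(reference_xml)
    sus_perms, sus_comps = manifest_facts(suspect_xml)
    return {"added_permissions": sorted(sus_perms - ref_perms),
            "added_components": sorted(sus_comps - ref_comps)}

if __name__ == "__main__":
    print(diff_manifests(REFERENCE_MANIFEST, SUSPECT_MANIFEST))
```

Any non-empty result on an app that claims to be the same release as the reference is a reason to reject the package before installation.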

For consumers, the following rules will keep them safe:

  1. Don’t download games or apps from untrusted third-party sites.
  2. Install anti-virus software on your mobile phone.
  3. Don’t grant games or apps permissions they obviously don’t need.

Related Links

  • https://blog.networks.nokia.com/mobile-networks/2016/07/04/smartphones-new-attack-vector-hackers/
  • https://networks.nokia.com/products/security-guardian

About the Author

Kevin McNamee, the Director of Nokia's Threat Intelligence Lab, is a seasoned IT security professional with more than 30 years of experience. Previously at Alcatel-Lucent he designed their cloud-based malware detection system and was director of Security Research with Alcatel-Lucent's Bell Labs, specializing in the analysis of malware propagation and detection. Kevin is the primary author of the Nokia Threat Intelligence Report and has had several recent speaking engagements at BlackHat, RSA, SECTOR and (ISC)2.




Edited by Peter Bernstein