G Data

Pokémon Go: Built-in backdoor for Android-App discovered

Pokémon, the adorable little pocket critters, are back. These little Japanese animals are making a comeback as a virtual-reality game for smartphones. Attackers are trying to exploit the popularity of the brand-new game and prey on impatient gamers who cannot wait for the game to be released: at least one malicious version of the app has been discovered. A version of the app installer found on a file-sharing network contained a remote-control tool for Android devices. It appears that the legitimate app was repackaged with some added malware using a tool called “DroidJack”. The tool itself has legitimate use cases for developers, but in this case it was used to add a malicious piece of software called “AndroRAT”. G DATA customers are protected from the malicious app, which is detected as “Android.Trojan.Kasandra.B”.

The G DATA experts’ analysis and security tips can be found here:

https://blog.gdatasoftware.com/2016/07/28734-pokemon-go-catch-em-all-but-not-at-any-cost

The press release is available here:

https://www.gdatasoftware.com/newsroom/news/article/pokemon-go-built-in-backdoor-for-android-app-discovered

Tips to stay safe while playing – here are seven tips that will keep you safe while on the hunt for Pidgey and other Pokémon:

  • Only install apps from trusted sources! The malicious app was distributed outside the official Google Play Store. This means that the app can only be installed if you explicitly allow the installation of apps from unknown sources.
  • Protect your mobile device with a security solution! A mobile device, just like your PC at home, must be equipped with a comprehensive security solution to fend off digital attacks.
  • Check the permissions requested by an app during installation! Illegitimate apps will try to secure additional permissions. Apps that request permission to use services that may cost you money, or access to audio recording, should always be scrutinized. Current Android versions will also ask you to confirm the permissions when first running the app.
  • Be on your guard when on the hunt, both online and offline! The real world can be a dangerous place for Pokémon trainers – especially if you are on the hunt for a rare Pokémon and end up standing in the middle of a street.
  • Think first, then go on a hunt! No game is perfect, and any game can contain minor glitches. Should a Pokémon be located near a steep decline, it’s always better to leave it be than to risk injury. Also, avoid hunting for Pokémon in ‘shady areas’ – you can never rule out that there is a real-life thief who is after your smartphone.
  • Think of your privacy! The game needs the GPS coordinates of your smartphone or tablet PC in order to work. Any data collected in this process is available to the developers. Screenshots from the game posted on the web can also give away your current location.
  • Avoid ruining your finances! In many games you can buy in-game items for real currency. Those items give you an advantage inside the game. Such purchases can get out of hand if they go unchecked. We recommend either disabling in-app purchases altogether or at least carefully monitoring them and checking your invoices.

+++++++++++++++++++++++++++++++++++++++++

+++ Android malware “HummingBad” has infected millions of smartphones +++ G DATA Mobile Internet Security for Android protects against the malware +++

“HummingBad”, a new type of Android malware, has, according to media reports, infected millions of smartphones and tablets worldwide during the past few days and weeks. The malware in question is highly lucrative for its makers – each month they can rake in up to 300,000 euros in revenue. According to researchers at security firm Check Point, the makers of this malware work for an advertising company called “Yingmob”, which is based out of China. In the past, the company gained some notoriety for peddling an iOS malware dubbed “YiSpecter”. Users who have installed a G DATA solution on their mobile device are protected: the HummingBad malware is detected as “Android.Trojan.Iop.Y” or as “Android.Trojan.Agent.A”.

More information about the malware and how to protect oneself:

https://blog.gdatasoftware.com/2016/07/28719-hummingbad-money-making-malware-made-in-asia

The press release can be found here:

https://www.gdatasoftware.com/newsroom/news/article/android-malware-hummingbad-has-infected-millions-of-smartphones