Cybersecurity researchers at Proofpoint have discovered a malware-infected version of the Pokémon GO app for Android devices.
The malicious app is of particular concern to Pokémon addicts in regions where the game has not yet launched -- so far only Australia, New Zealand and the United States have access to the game in official app stores.
Proofpoint's warning reads:
Proofpoint researchers discovered an infected Android version of the newly released mobile game Pokemon GO. This specific APK was modified to include the malicious remote access tool (RAT) called DroidJack (also known as SandroRAT), which would virtually give an attacker full control over a victim's phone.
The infected versions of the app haven't snuck their way onto the official Google Play store, so users would only be exposed to the game via unofficial third-party stores. In other words, if the game hasn't launched in your country yet, cool your jets and wait your turn.
For those who haven't been listening to the buzz, Pokémon Go uses your phone's camera and location to put Pokémon in the real world.
The game uses your phone's GPS system to locate monuments and various local landmarks from which you can pick up inventory such as pokéballs and potions. The game calls these Pokéstop's. Pokémon then emerge from the 'tall grass' and you have to catch 'em all.
The Pokéstop's give you information about the various landmarks, which is pretty great -- especially if you're traveling or don't pay attention when you walk around your own city.
It encourages you to get out and explore the real world unlike some other mobile games that you can play from the comfort of your couch. You also have to pay particularly close attention to where you're going to ensure you don't miss any monuments. The downside is while you're physically in these cool places, you're probably not paying attention to them IRL because the game demands your attention.
If you're reading this from the rest of the world, be patient. Alternatively, come visit us Down Under.