Malicious hackers love big targets, and the community of Pokémon Go enthusiasts created a very large target over the last few days. Within 48 hours of the release of the new game, Skycure had already identified a repackaged version of the app. This is an amazing testament to the power of Skycure’s Crowd-sourced Threat Intelligence technology and deep app analysis.
Pokémon Go is now available in the US and much of Europe, but not currently in South America and Southeast Asia. When a popular app is not available in a market, eager consumers often go looking in non-standard locations – not just third-party app stores, but Internet file share sites as well. As would be expected, most of the repackaged app infections have occurred in these “unavailable” markets. This can be dangerous, since unofficial versions of the app have not gone through the Google Play vetting process and are more likely to contain malware. Skycure’s recent Mobile Threat Intelligence Report revealed that third-party app stores like Aptoide contain malware at 72 times the rate of Google Play, representing 1 in 23 apps. File share sites and random Dropbox locations are even more likely to contain malicious apps.
Repackaged apps look exactly like the original apps when you open and run them. In fact, they look just like the original apps to many mobile security tools as well. However, additional code injected into the app may gain unwarranted access to the mobile device, such as the ability to access and edit SMS messages and contacts, read web bookmarks and history, and even run other apps. Skycure offers two advantages when it comes to identifying and protecting devices and organizations from repackaged apps.
- First, Skycure’s deep app analysis has the unique ability to look into app behavior, code origin, structure, permissions and many other characteristics not normally evaluated by anti-malware solutions to determine whether the app is legitimate or not.
- Second, the Skycure public app is installed all over the world, evaluating millions of downloaded apps and aggregating results into its massive Crowd-Sourced Threat Intelligence database, allowing for rapid determination if an app has malicious intent or capability.
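To make the permission and code-origin checks mentioned above concrete, here is an added example (not Skycure's implementation and not code from the original post) that compares a sideloaded APK against a reference copy from Google Play, using the text output of `aapt dump permissions` and `apksigner verify --print-certs`. The package name, digests and tool output are constructed, and the sensitive-permission list is an assumption based on the capabilities named above.

```python
import re

# Assumption: permissions matching the capabilities the article lists for
# injected code (SMS, contacts, browser bookmarks and history).
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.WRITE_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
}
# Accepts both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?", re.M)
CERT_RE = re.compile(r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]+)", re.M)

def parse_permissions(aapt_text):
    return set(PERM_RE.findall(aapt_text))

def parse_signers(apksigner_text):
    return {d.lower() for d in CERT_RE.findall(apksigner_text)}

def compare(ref_aapt, ref_certs, cand_aapt, cand_certs):
    """Flag a candidate whose signer or sensitive permissions differ from the reference."""
    added = parse_permissions(cand_aapt) - parse_permissions(ref_aapt)
    signers = parse_signers(cand_certs)
    # A repackager cannot reuse the publisher's key; no parsable signer fails closed.
    signer_changed = not signers or signers != parse_signers(ref_certs)
    return {
        "signer_changed": signer_changed,
        "added_permissions": sorted(added),
        "added_sensitive": sorted(added & SENSITIVE),
        "suspicious": signer_changed or bool(added & SENSITIVE),
    }

# Constructed sample tool output (hypothetical package and digests).
REF_AAPT = ("package: com.example.game\n"
            "uses-permission: name='android.permission.INTERNET'\n"
            "uses-permission: name='android.permission.ACCESS_FINE_LOCATION'\n")
CAND_AAPT = REF_AAPT + ("uses-permission: name='android.permission.READ_SMS'\n"
                        "uses-permission: name='android.permission.READ_CONTACTS'\n"
                        "uses-permission: name='android.permission.WAKE_LOCK'\n")
REF_CERTS = "Signer #1 certificate SHA-256 digest: " + "aa" * 32 + "\n"
CAND_CERTS = "Signer #1 certificate SHA-256 digest: " + "bb" * 32 + "\n"

REPORT = compare(REF_AAPT, REF_CERTS, CAND_AAPT, CAND_CERTS)

if __name__ == "__main__":
    for key, value in REPORT.items():
        print(f"{key}: {value}")
```

A changed signer is the stronger signal of the two, since a legitimate update can also add permissions.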
Whenever possible, get apps from the primary, legitimate app stores to minimize the chance of being infected by malware. (Android even has a third-party app store setting that will only allow installation of apps originating from the Google Play store.) Let Skycure’s proactive mobile threat defense solution give you peace of mind, because there is Pokémon Go malware and so many other threats out there.