• A player plays Pokemon GO in his car.

A player plays Pokemon GO in his car. (Photo : YouTube/ MasterOv)

Niantic Labs has not yet released the Pokémon GO AR game for everyone across the globe leaving some to download Pokémon GO APK files which some of them have been found to contain malware.


Pokémon GO was first launched in New Zealand and Australia on July 4 and users in the United States got the green light to download the app on Google Play Store on July 6. Japan and the rest of the world still has no access to the official app.

Like Us on Facebook

Users outside the available markets were desperate to try out the game for themselves. There was one alternative and that was to download the Pokémon GO APK file which was supposedly extracted.

One problem was some of the Pokémon GO APK files were found to be infected with a malicious remote access tool (RAT) dubbed as Droidjack or SandroRAT, Proofpoint researchers have learned. The malware can allow a remote hacker to take control of an infected smartphone.

While nobody has reported that their smartphone was infected by the malicious APK file, the researchers discovered that one infected Pokémon GO APK file was uploaded to a malicious file repository service less than three days after the game was initially released. There are some signs that a user can seek for to determine whether their phone has been compromised.

The malicious Pokémon GO application has certain permissions that are not present in the original installation. These include the permission to directly call phone numbers, edit text messages, record audio, modify the user's contacts and more.

Proofpoint researchers believe that an infected phone could be used to sabotage corporate and enterprise networks, Android Central reported. Users are advised to just wait for the official rollout of Pokémon GO in their country as it is expected to be fully released everywhere before August.

There are also rumors that Niantic Labs will be banning those who have downloaded a Pokémon GO APK from third-party sites. Fortunately, there hasn't been any concrete proof that this happened and that everything else is just hearsay.

Niantic Labs themselves have not confirmed the speculations. Pokémon GO players should avoid using location spoofers in order to be protected from banning in the future.