Mon, 06 Feb 2023 Today's Paper

Risks related to downloading popular game apps via unfamiliar sources

27 October 2016 12:00 am - 0     - {{hitsCtrl.values.hits}}

A A A

Fortinet–the global leader in high-performance cyber security solutions, issued an alert to caution gamers from downloading popular game apps such as Pokémon Go apps from unfamiliar sources. 
“Leading up to the official launch of Pokémon Go in the APAC region, some impatient gamers may have downloaded the virtual augmented game through unsecured third party websites and social media platforms,” said Axelle Apvrille, Senior Mobile Antivirus Researcher at Fortinet. 


“Like most applications nowadays, Pokémon Go (or the third party apps it uses) exposes your privacy and implies unwanted network traffic. With the rise of Pokémon Go, malware authors are likely to continue repackaging the game with a variety of malware and distribute it in different channels on Android and iOS platforms.”


According to Fortinet, there are two types of Pokémon Go applications which avid mobile gamers need to be wary of.


1. The official version - Released by original developer Niantic, the app is generally not malicious.
2. Hacked versions - Developed by third party developers, commonly known as ‘mods’, such apps are most likely to be injected with malware. One such version identified by Fortinet’s FortiGuard Labs has been injected with DroidJack RAT(Remote Access Tools), which is known since 2015.  While on the surface, the infected device operates normally, the malware attacks silently in the background every time the phone is switched on (even when in sleep mode).


However, not all hacked versions are necessarily malicious.Fortinet has inspected hacks to play on Android 4.0 (the minimum requirement is normally 4.4), or to modify GPS coordinates, neither of which showed any malicious intent.

 


Know risks before cownloading
Fortinet’s FortiGuard Labs has listed the following major risks for gamers before downloading Pokémon Go.
Risk #1 – Installing an Infected  version - Beware of infected versions such as those infected with Android/SandrC.tr, dubbed DroidJack RAT. More than 8,800 detections have been made in a year with 160 detected just in last month alone.


Risk #2 – Full Access to Google Account Information - Although Niantic has fixed the error for full access to google account,users are advised to remove the permission from account and upgrade Pokémon Go application to the latest official version.


Risk #3 – Unwanted Network Traffic - Most Android applications are bundled with third-party kits (such as analytics, crash reporting, cross platform engines, etc.) which use up the bandwidth that send and receive more or less useful side information containing, in the best cases, the exact model of your smartphone, or in the worst, personal information such as your phone number and other private data. Pokémon Go is one of these bandwidth hungry applications. 


Risk #4 - Spoofed Pokémon map or activity - To avoid cyber-attack in the game, Niantic has since introduced certificate pinning in version 0.31.0 and above, which ensure that applications exchanged information with the real Pokémon servers and not with others and communicates via HTTPS.
For versions earlier than 0.31.0, there was a lack of certificate pinning and an attacker can perform a Man-In-The-Middle (MITM) attack and completely modify the game for victims.A malicious hacker can easily modify other customizations, such as displaying an infected link in a pokestop, or directly injecting infected traffic.While such attacks are probably feasible, they are tricky, and the attack would only operate on the network where the Pokémon Go MITM proxy is setup


Order Gifts to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Vegetables, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Sending Money,Online Books, Delivery Service, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop Sri Lanka

  Comments - 0

Order Gifts to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Vegetables, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Sending Money,Online Books, Delivery Service, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop Sri Lanka

Add comment

Comments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.

Reply To:

Name - Reply Comment




Order Gifts to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Vegetables, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Sending Money,Online Books, Delivery Service, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop Sri Lanka

Pain and punishment

Should we spare the rod and spoil the child? Does it really happen? Children

Health System in the emergency room

Sandya Kumari from Kotahena has been experiencing chest pains since 2015 and

Canada’s targeted sanctioning of Gota and Mahinda

History was made last week when two former executive presidents of Sri Lanka

SC judgement on Easter attack: Court rules negligence stood in the way of avoiding most heinous crime

“On the ill-fated day of 21st of April 2019, this island home was awoken ru