Tue, 27 Jul 2021 Today's Paper

Risks related to downloading popular game apps via unfamiliar sources

27 October 2016 12:00 am - 0     - {{hitsCtrl.values.hits}}

A A A

Fortinet–the global leader in high-performance cyber security solutions, issued an alert to caution gamers from downloading popular game apps such as Pokémon Go apps from unfamiliar sources. 
“Leading up to the official launch of Pokémon Go in the APAC region, some impatient gamers may have downloaded the virtual augmented game through unsecured third party websites and social media platforms,” said Axelle Apvrille, Senior Mobile Antivirus Researcher at Fortinet. 


“Like most applications nowadays, Pokémon Go (or the third party apps it uses) exposes your privacy and implies unwanted network traffic. With the rise of Pokémon Go, malware authors are likely to continue repackaging the game with a variety of malware and distribute it in different channels on Android and iOS platforms.”


According to Fortinet, there are two types of Pokémon Go applications which avid mobile gamers need to be wary of.


1. The official version - Released by original developer Niantic, the app is generally not malicious.
2. Hacked versions - Developed by third party developers, commonly known as ‘mods’, such apps are most likely to be injected with malware. One such version identified by Fortinet’s FortiGuard Labs has been injected with DroidJack RAT(Remote Access Tools), which is known since 2015.  While on the surface, the infected device operates normally, the malware attacks silently in the background every time the phone is switched on (even when in sleep mode).


However, not all hacked versions are necessarily malicious.Fortinet has inspected hacks to play on Android 4.0 (the minimum requirement is normally 4.4), or to modify GPS coordinates, neither of which showed any malicious intent.

 


Know risks before cownloading
Fortinet’s FortiGuard Labs has listed the following major risks for gamers before downloading Pokémon Go.
Risk #1 – Installing an Infected  version - Beware of infected versions such as those infected with Android/SandrC.tr, dubbed DroidJack RAT. More than 8,800 detections have been made in a year with 160 detected just in last month alone.


Risk #2 – Full Access to Google Account Information - Although Niantic has fixed the error for full access to google account,users are advised to remove the permission from account and upgrade Pokémon Go application to the latest official version.


Risk #3 – Unwanted Network Traffic - Most Android applications are bundled with third-party kits (such as analytics, crash reporting, cross platform engines, etc.) which use up the bandwidth that send and receive more or less useful side information containing, in the best cases, the exact model of your smartphone, or in the worst, personal information such as your phone number and other private data. Pokémon Go is one of these bandwidth hungry applications. 


Risk #4 - Spoofed Pokémon map or activity - To avoid cyber-attack in the game, Niantic has since introduced certificate pinning in version 0.31.0 and above, which ensure that applications exchanged information with the real Pokémon servers and not with others and communicates via HTTPS.
For versions earlier than 0.31.0, there was a lack of certificate pinning and an attacker can perform a Man-In-The-Middle (MITM) attack and completely modify the game for victims.A malicious hacker can easily modify other customizations, such as displaying an infected link in a pokestop, or directly injecting infected traffic.While such attacks are probably feasible, they are tricky, and the attack would only operate on the network where the Pokémon Go MITM proxy is setup

See Kapruka's top selling online shopping categories such as Toys, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,News, Courier/Delivery, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka.

  Comments - 0

See Kapruka's top selling online shopping categories such as Toys, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,News, Courier/Delivery, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka.

 


Add comment

Comments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.

Reply To:

Name - Reply Comment


Site survey near Akasa Chaitya: Is it the end of Yala?

The Yala National Park has been at the receiving end of human disturbances fr

Basil Rajapaksa’s catch 22 situation

Sri Lankan politics has been a good deal of family business. It was not even

“This govt. printed Rs. 880 billions”

This is the roadmap of Zimbabwe

“We are on the cusp of a mothers-led movement for better birth rights in Sri Lanka” – Kanya D’Almeida

Writer Kanya D’Almeida became the first Sri Lankan to win the ‘Commonweal



See Kapruka's top selling online shopping categories such as Toys, Grocery, Flowers, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,News, Courier/Delivery, Food Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka.