Pokemon Go is a huge hit. It has added $11 billion to Nintendo’s value since its release five days ago. But its success has also crashed the games’ servers, and caused its makers to “pause” its global roll-out. That means it’s only available to gamers in the US, Australia, and New Zealand right now.
One way to start playing Pokemon Go before its official release is to “sideload” it onto a mobile device. That means downloading and installing the game from an unofficial channel like a website that hosts these files, or from file-sharing networks like BitTorrent. It’s not clearcut piracy, particularly because Pokemon Go is free to play, and plenty of people have been doing just that.
One of the most popular websites for finding apps that you can sideload on Android is APK Mirror. Traffic from players seeking a Pokemon workaround has surged, according to analytics firm SimilarWeb. When Pokemon Go was released on July 5, APK Mirror’s traffic spiked more than sixfold to 4 million visitors, SimilarWeb found. A third of all traffic to APK Mirror over the 28-day period ending July 7 were from Pokemon-related search terms, SimilarWeb said.
Security firm ProofPoint said it found a version of Pokemon Go containing malware known as DroidJack about two days after the game was officially released in New Zealand and Australia. DroidJack does a few pretty scary things, according to the security firm Symantec, which analyzed the malware in 2014. These include:
- Viewing all messages on a device
- Listening to all voice calls on a device
- Listening live or recording audio from a device’s microphone
- Controlling a device’s camera
- Obtaining a device’s last known GPS location
DroidJack has been linked to malware developers in India, according to Symantec. It’s also being touted as a remote administration tool for Android devices for $210 a pop.
If you’re playing a DroidJack-ed version of Pokemon Go, you probably won’t notice any differences in the game itself. Luckily, there’s a simple way to check if your Pokemon Go is carrying malicious software. Check the “permissions” granted to Pokemon Go on your phone. According to ProofPoint, an infected copy would have unusual permissions granted, such as:
- Record audio
- Directly call phone numbers
- Read call log
- Read your web bookmarks and history
ProofPoint said it found the infected Pokemon Go file on a server where malware is shared, and that it hasn’t been observed on an actual user’s phone yet. But the longer players are denied official access to the game, the greater the temptation to join the action by downloading it unofficially. There’s been no word from the game-maker, Niantic Labs, or Nintendo, about the game’s release schedule yet. We’ve asked both companies about the release schedule and will update the post with any response.
Using a sideloaded copy of Pokemon Go might also have another repercussion. You could be banned from the game for cheating, according to its “Trainer Guidelines.” Some users have become so paranoid about being banned that they’ve deleted their sideloaded games to wait for the official release.