motherboard: Like really, really popular—so much so that players are spoofing their phone's location using VPNs in their quest to catch 'em all. by Joshua Kopstein
'But wannabe Pokémon masters should take heed: amid high demand for the game as it slowly rolls out across the globe, security researchers have discovered a malicious version of the Pokémon GO app floating around that installs a backdoor on Android phones, allowing hackers to exploit Poké-hype to completely compromise a user's device.
'The security firm Proofpoint discovered the malicious application, or APK, which was infected with DroidJack, a remote access tool (RAT) that compromises Android devices by silently opening a backdoor for hackers. The malicious app was uploaded to an online malware detection repository on July 7, less than 72 hours after Nintendo released the game in Australia and New Zealand.
'To install it, a user needs to “side-load” the malicious app by disabling an Android security setting that normally prevents the installation of unverified third-party apps from unknown sources.'