Hacked Pokémon GO version with DroidJack malware spotted, here's how to check if your APK is legit

If you are wondering what the Pokemon Go craze is all about, but are georestricted and want to sideload the game on your handset, be warned that a couple of third-party sites that are carrying it, have packaged the viral hit with a potent malware companion, dubbed DroidJack or SandroRAT that can give control over your phone to unknown parties.

About three days after the game had been officially released in New Zealand and Australia, the modified files of the original Pokemon Go APK were uploaded to a malicious file hosting service, and some are referencing them into tutorials how to sideload the game in order to evade the georestrictions that have been imposed by the makers. Our own Pokemon Go installation manual includes a clean and vetted link, so head over there if you want to be sure there's no Jack in your Go.

If you want to check whether you have installed the clean APK, or the modified Pokemon Go version with the DroidJack malware, there are a few things you can do:

1. Check the hash of the downloaded APK. If the SHA256 hash reads as this, you have the hacked version:

    15db22fd7d961f4d4bd96052024d353b3ff4bd135835d2644d94d74c925af3c4 

2. Compare the permissions screens that pop up before you start the installation by going to Settings > Apps > Pokemon Go > Permissions

source: Proofpoint