Pokemon Go split
Pokemon Go screenshots. Courtesy of Niantic Labs

Hackers Are Spreading Malware Through Pokémon GO

Jul 10, 2016

Nintendo’s new Pokémon GO augmented reality game has quickly proven to be a cultural phenomenon, juicing the company’s stock. But it is only available in certain countries right now, leading some players to install the game from third-party sources. Now, a malicious version of the software is poised to infect Android phones with code that provides hackers a backdoor to their phones.

Get Data Sheet, Fortune’s technology newsletter.

The exploit was discovered by the security firm Proofpoint. Proofpoint researchers found a version of the Pokémon GO program that included a remote access tool, or RAT, called Droidjack, which they say can give an attacker “full control over a victim’s phone.”

The malicious version of the game was uploaded to a file sharing service on July 7th, just a few days after the game’s official release. Though they say they have not observed the malware in action "in the wild," Proofpoint provides a few methods for concerned players to determine if they've inadvertently downloaded a compromised version of the game.

For more on cybersecurity, watch our video:

One of the major features distinguishing Android phones from iPhones is their ability to “side load” files downloaded from sources outside of Google’s Play Store. This allows users more flexibility, but is also, as Proofpoint puts it, “an extremely risky practice,” and part of the reason Android systems are more vulnerable to viruses and hacking than iPhones.

This is also not the first problem for Pokémon GO, which exactly thanks to its immense popularity experienced significant server issues at launch.

All products and services featured are based solely on editorial selection. FORTUNE may receive compensation for some links to products and services on this website.

Quotes delayed at least 15 minutes. Market data provided by Interactive Data. ETF and Mutual Fund data provided by Morningstar, Inc. Dow Jones Terms & Conditions: http://www.djindexes.com/mdsidx/html/tandc/indexestandcs.html. S&P Index data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Terms & Conditions. Powered and implemented by Interactive Data Managed Solutions