The particular APK version of Pokémon Go includes a well known RAT: SandroRAT. Due to this some antivirus software for Android might pick it up at a scan. But most people don’t use an antivirus. The RAT starts silently after side-loading the APK and it will go undetected by the user. Getting infected would virtually give an attacker full control over a victim’s phone.
The official version of Pokémon Go was not released for all countries as of now. Yet, there is a lot of buzz around it and a lot of Android smartphone users are tented to go ahead and download the game outside of Google’s Play store for apps. Many websites were found to be hosting Pokémon Go APKs for people to download ahead of time. If someone decides to install applications that could be potentially dangerous the only way they could maybe spot such a malware is by carefully reviewing the permissions requested by the installing application. But researchers warn us to be really careful as there are many cases in which some malware apps can use permissions in ways not thought to be possible by also taking advantage of known exploits.