June 2, 2017

FalseGuide: A New Malware Going Around Infecting Nearly 2 Million Android Users via Google Play

FalseGuide, a new strain of malware, has been identified by mobile threat researchers at Check Point. Infecting millions of Android devices, this new botnet malware, dubbed FalseGuide, was hidden in over 40 guide apps for games in the Google Play Store.

Nearly 2 Million Android Users Infected:

Initially thought to be 600,000 users, the number of Android users who have installed the malware on their devices from the Google Play Store has reached 2 million so far.

According to Check Point, FalseGuide creates a “silent botnet out of the infected devices” to deliver fraudulent mobile adware and generate ad revenue for cybercriminals. (A botnet is a group of devices controlled by hackers without the knowledge of their owners.) The malware requests an unusual permission on installation, namely device admin permission, so as to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself with Firebase Cloud Messaging, a cross-platform messaging service that allows app developers to send messages and notifications.

Once subscribed to the service, FalseGuide allows the attackers to send messages containing links to additional modules and download them to the infected device, enabling the attackers to display illegitimate pop-up ads out of context. Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.

“Mobile botnets are a growing trend since early last year, growing in both sophistication and reach. This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code. Users shouldn’t rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs.”

“The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads. The updated estimate now includes nearly 2 million infected users,” Check Point researchers wrote in a blog post.

Check Point has listed all the guide apps that carry the new FalseGuide malware: Guide for FIFA Mobile, Guide for LEGO Nexo Knights, Guide for Rolling sky, Guide for Terraria, Guide for Pokemon GO, Guide Amazing Spider-Man 2, ProGuide LEGO Marvel Superhero, Guide Dream League Soccer, LEGUIDE LEGO City Undercover, LEGUIDE LEGO City My City, Guide for Rolling Sky, Guide for Ninjago Tournament, Guide for Hungry Shark World, Guide For FIFA 17, Guide for Mortal Kombat X, Guide for Shadow fight 3 and 2 and many more.

A screenshot which allegedly shows an app that’s been infected with the malware

Check Point researchers notified Google about FalseGuide in February, after which the company silently removed the malware apps from the Play Store.

But despite being removed, the malicious apps are likely still active on a number of devices, leaving Android users open to cyber attacks.

Measures to follow to remain unaffected:

  • The only way to safeguard your device from these risks is to pay attention to the applications you decide to install, and always check app permissions before installing: if there is any doubt, it is best to discard the installation.
  • Always download apps which are from trusted and verified developers.
  • Be careful with apps that ask for administrative rights. Admin rights are powerful and can give an app full control of your device.

About the author 

Chaitanya
