About 600,000 Android users have mistakenly installed malware on their devices straight from Google Play, the company's official app store.
According to cybersecurity researchers from Check Point, the malware was hidden in more than 40 fake companion guide apps for popular games, such as Pokemon GO and FIFA Mobile, which led to the malware's name being FalseGuide.
While originally it was believed the oldest fake guide to hit Google Play was uploaded in February this year, making this a recent campaign, the researchers went a little deeper and discovered additional apps from back in November 2016.
FalseGuide was believed to have infected north of 600,000 users, but the number now sits at 2 million Android users, all of whom have mistakenly downloaded and installed malware on their devices while seeking guides for their favorite games.
After infection, FalseGuide creates a silent botnet out of the infected devices for adware purposes.
"FalseGuide requests an unusual permission on installation – device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app. Once subscribed to the topic, FalseGuide can receive messages containing links to additional modules and download them to the infected device," the report shows.
Read more: FalseGuide Malware in Play Store Infects 2M Users, Forces Phones to Join Botnet
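The two behaviours quoted from the report, a device admin request by a guide app and Firebase Cloud Messaging registration, both leave traces in an app's decoded AndroidManifest.xml. The triage check below is an added example, not part of the original post or of Check Point's report; it assumes a manifest already decoded to text XML, and the package and class names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample manifest for a hypothetical guide app (not a real sample).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gameguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Game Guide">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/policies"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".MsgService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def names(elem, tag):
    """Collect android:name values of all <tag> descendants of elem."""
    return {e.get(A + "name") for e in elem.iter(tag)}

def triage_manifest(xml_text):
    """Flag device-admin receivers and FCM message services in a manifest."""
    root = ET.fromstring(xml_text)
    admins, fcm = [], []
    for rcv in root.iter("receiver"):
        bound = rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        declared = ("android.app.action.DEVICE_ADMIN_ENABLED" in names(rcv, "action")
                    or "android.app.device_admin" in names(rcv, "meta-data"))
        if bound and declared:
            admins.append(rcv.get(A + "name"))
    for svc in root.iter("service"):
        if "com.google.firebase.MESSAGING_EVENT" in names(svc, "action"):
            fcm.append(svc.get(A + "name"))
    # FCM alone is common and benign; topic subscription happens in code and
    # is not visible here. Device admin in a guide app is what merits review.
    return {"package": root.get("package"), "device_admin_receivers": admins,
            "fcm_services": fcm, "review": bool(admins)}

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

On a device, the list of currently active device admin apps is shown under the security settings, and an app must be deactivated there before it can be uninstalled.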