FalseGuide Malware in Play Store Infects 2M Users, Forces Phones to Join Botnet
Dozens of infected apps went under Google's radar
Apr 25, 2017 21:45 GMT · By Gabriela Vatu
About 600,000 Android users have mistakenly installed malware on their devices straight from Google Play, the company's official app store. 

According to cybersecurity researchers from Check Point, the malware was hidden in more than 40 fake companion guide apps for popular games, such as Pokemon GO and FIFA Mobile, which led to the malware's name being FalseGuide.

While originally it was believed the oldest fake guide to hit Google Play was uploaded in February this year, making this a recent campaign, the researchers went a little deeper and discovered additional apps from back in November 2016.

FalseGuide was believed to have infected north of 600,000 users, but the number now sits at 2 million Android users, all of whom have mistakenly downloaded and installed malware on their devices while seeking guides for their favorite games.

After infection, FalseGuide creates a silent botnet out of the infected devices for adware purposes.

"FalseGuide requests an unusual permission on installation – device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app. Once subscribed to the topic, FalseGuide can receive messages containing links to additional modules and download them to the infected device," the report shows.

A complicated campaign
After some investigation, the company figured out the botnet was being used to display illegitimate pop-up ads out of context, using a background service that starts running once the device is booted. "Depending on the attackers' objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks."

The apps were posing as guides for FIFA Mobile, Lego Nexo Knights, Lego City My City, Rolling Sky, Terraria, World of Tanks, Drift Zone 2, Mobile Legends, Criminal Case, Subway Surfers, Pokemon Go, Dream League Soccer, Super Mario, Amaz3ing Spider Man, Ninjago Tournament, and so on.

Mobile botnets have been growing in popularity since early last year, the researchers note. This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code.

The FalseGuide apps have been removed from the app store.
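
For anyone triaging apps on managed devices, here is a manifest check for the combination of traits the report describes: a device-admin receiver, a start-at-boot receiver, and a Firebase Cloud Messaging listener. This is an added example, not code from Check Point or the article; it assumes the manifest has already been decoded to plain XML, and the sample manifest, package name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical "guide" app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.gameguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name=".AdminReceiver" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <service android:name=".PushService">
      <intent-filter><action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter>
    </service>
  </application>
</manifest>"""

def actions(component):
    """Intent-filter action names declared under one manifest component."""
    return {a.get(ANDROID + "name") for a in component.iter("action")}

def triage(manifest_xml):
    """Return which of the three traits the decoded manifest declares."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = set()
    for rcv in root.iter("receiver"):
        acts = actions(rcv)
        if (rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in acts):
            findings.add("device_admin")
        if ("android.intent.action.BOOT_COMPLETED" in acts
                and "android.permission.RECEIVE_BOOT_COMPLETED" in perms):
            findings.add("boot_start")
    for svc in root.iter("service"):
        if "com.google.firebase.MESSAGING_EVENT" in actions(svc):
            findings.add("fcm_listener")
    return findings

def needs_review(manifest_xml):
    # Each trait is common in legitimate apps; all three together in a
    # game-guide app is the pattern worth a manual look (heuristic only).
    return {"device_admin", "boot_start", "fcm_listener"} <= triage(manifest_xml)
```

The topic subscription itself happens at runtime, so the manifest only shows that a messaging listener exists, not which topic the app joins.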
