Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

FalseGuide Malware Racks Up 2 Million Installs on Google Play

The FalseGuide malware has infested several apps in the Google Play store, providing yet more evidence against the conventional wisdom that sticking to the official app store is safe.

According to Check Point researchers, the trojanized apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an alarming 2 million infected users.

“The malware… was hidden in more than 40 guide apps for games,” said researchers in an analysis. “Check Point notified Google about the malware, and it was swiftly removed from the app store. At the beginning of April, two new malicious apps were uploaded to Google Play containing this malware, and Check Point notified Google once again.”

FalseGuide creates a silent botnet out of the infected devices for adware purposes, and it requests an unusual permission on installation—device admin permission—in order to avoid being deleted by the user.

“The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app,” researchers noted. “Once subscribed to the topic, FalseGuide can receive messages containing links to additional modules and download them to the infected device….the botnet is used to display illegitimate pop-up ads out of context, using a background service that starts running once the device is booted. Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.”

Mobile botnets are a growing trend since early last year, growing in both sophistication and reach.

“This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code.” Users shouldn’t rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs.

What’s Hot on Infosecurity Magazine?