Home
Apps
Apps News
FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point

FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point

By Ketan Pratap | Updated: 27 April 2017 13:01 IST

Click Here to Add Gadgets360 As A Trusted Source

Highlights

Check Point reported 40 Android apps infected with "FalseGuide" malware
The researchers reported the apps to Google
The infected apps were removed from Google Play

Mobile threat researchers at Check Point have discovered a new strain of malware infecting millions of Android devices via Google Play. The researchers claim that the new botnet malware dubbed FalseGuide was hidden in over 40 guide apps for games in Google Play.

"Check Point notified Google about the malware, and it was swiftly removed from the app store," point out Oren Koriat, Andrey Polkovnichenko, and Bogdan Melnykov researchers in a blog post.

The researches add that the infected apps managed to cross 50,000 installs, and roughly infected up to 600,000 devices. Check Point, however, has since updated the blog post adding FalseGuide attack was far more extensive than originally understood. Five new infected apps were found in Google Play which were uploaded in as early as November 2016 suggesting that these managed to hide successfully for five months.

"The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads. The updated estimate now includes nearly 2 million infected users," wrote the researchers.

The researchers also explain how the new FalseGuide malware functions as these create a "silent botnet" out of the infected devices for adware purposes.

For those unaware, a botnet is a group of devices controlled by hackers without the knowledge of their owners, and are used for various purposes "based on the distributed computing capabilities of all the devices."

Further detailing, researchers added, "FalseGuide requests an unusual permission on installation - device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app."

Once subscribed, FalseGuide"malware can help download additional modules on the infected device. "Depending on the attackers' objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks," concluded researchers.

According to researchers,"FalseGuide malware covers itself as guiding apps as it's easy to monetise on the success of the original gaming app and guiding apps require very little development and feature implementation. Check Point has listed all the games that carry the new FalseGuide malware.

Comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Malware Attack, FalseGuide, Botnet Malware, Google Play, Android, Apps

Ketan Pratap

Email Ketan

Ketan Pratap is the Editor at Gadgets 360. His primary role - debugging the tech hype, benchmarking the future, and compiling it all into precise news, features or reviews. He has spent over 14 years calling out vaporware and identifying the best tech. He’s your guide for everything from chipsets to smart-home meltdowns. When his own batteries are low, he heads for the hills—literally. He’s someone who prefers a remote mountain pass, appreciating a 12,000-foot view that no VR ...More