Home
Apps
Apps News
FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point

FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point

By Ketan Pratap | Updated: 27 April 2017 13:01 IST

Highlights

Check Point reported 40 Android apps infected with "FalseGuide" malware
The researchers reported the apps to Google
The infected apps were removed from Google Play

Mobile threat researchers at Check Point have discovered a new strain of malware infecting millions of Android devices via Google Play. The researchers claim that the new botnet malware dubbed FalseGuide was hidden in over 40 guide apps for games in Google Play.

"Check Point notified Google about the malware, and it was swiftly removed from the app store," point out Oren Koriat, Andrey Polkovnichenko, and Bogdan Melnykov researchers in a blog post.

The researches add that the infected apps managed to cross 50,000 installs, and roughly infected up to 600,000 devices. Check Point, however, has since updated the blog post adding FalseGuide attack was far more extensive than originally understood. Five new infected apps were found in Google Play which were uploaded in as early as November 2016 suggesting that these managed to hide successfully for five months.

"The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads. The updated estimate now includes nearly 2 million infected users," wrote the researchers.

The researchers also explain how the new FalseGuide malware functions as these create a "silent botnet" out of the infected devices for adware purposes.

For those unaware, a botnet is a group of devices controlled by hackers without the knowledge of their owners, and are used for various purposes "based on the distributed computing capabilities of all the devices."

Further detailing, researchers added, "FalseGuide requests an unusual permission on installation - device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app."

Once subscribed, FalseGuide"malware can help download additional modules on the infected device. "Depending on the attackers' objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks," concluded researchers.

According to researchers,"FalseGuide malware covers itself as guiding apps as it's easy to monetise on the success of the original gaming app and guiding apps require very little development and feature implementation. Check Point has listed all the games that carry the new FalseGuide malware.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Malware Attack, FalseGuide, Botnet Malware, Google Play, Android, Apps

Ketan Pratap

Email Ketan

Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More