Malware Tricks Over 600,000 Android Users

Android users might have put themselves in danger and not even know it. It’s estimated that over 600,000 users accidentally downloaded malware from Google Play. The malware, once downloaded, attempts to create a botnet which then brings fraudulent mobile adware and earns money for the cyber criminals responsible for the malware’s creation.

Cyber security researchers at Check Point discovered the sneaky malware and named it FalseGuide. The malware is hidden within over 40 fake companion guide applications for app games like Pokemon GO and FIFA Mobile. Check Point also found that the oldest of the malware was put on Google Play around February 14th of this year.

What makes things worse is the fact that several of the apps have been downloaded more than 50,000 times. It’s also believed that over 600,000 android user mistakenly downloaded this malware thinking it was a guide for their games.

But this isn’t the first time Google Play has been harboring some bad bugs. In fact, other malware like Viking Horde and DressCode tried to create Android botnets just as FalseGuide is doing now.

What happens is that the FalseGuide malware attempts to create faulty mobile adware. It will download and display what appears to be legitimate pop-up adverts with the purpose of bringing cash to its creators through ad display. Once it’s been downloaded, the FalseGuide malware will then request admin permission. This allows the malware to ensure that it cannot be deleted by the user.

That’s one way to tell that an app is up to no good.

But this isn’t known when it uploads itself to Google Play. That’s the main point of the malware’s creation is go in undetected. The only time it is suspected as fraudulent is after it has been downloaded into the user device, and the user has given it admin permission.

After it’s been installed into the device, the malware will then send notifications with the name like “Guide for Pokémon Go.” It has already registered itself to Firebase Cloud Messaging which is a cross platform service that gives the creators permission to send these notifications.

The use of Firebase is what the FalseGuide malware depends on in order to receive additional modules and download those to the user’s device. FalseGuide’s pop-up ads will almost always be out of context and will use background service that starts the minute the infected device boots up.

Yet it is not just making money through ads that the malware developers can use FalseGuide for. In fact, it can receive other instruction modules from the command-and-control server. Those instructions can have the malware create botnets to root the device, conduct a DDoS attack, or even sneak into private networks.

The real question is who is behind the creation of the FalseGuide malware? It is suspected that the app originated from Russia due to the fact that they were submitted under Russian name of two fake developers—Sergei Vernik and Nikolai Zalupkin—but Russian-speaking researches say that the latter is clearly a false name. So there’s really no telling who created it.

It is obvious why they chose Google Play apps for their target audience. The games are very popular and generate a large audience. There’s also the fact that the apps do not need much when it comes to features and development, so making them is rather easy.

Check Point told Google back in February that it had an unwanted visitor. Google then quickly removed the malware from the Play Store. Yet even after the malware was removed, its creators didn’t seem to give up. They kept uploading more malware apps into the Play Store around April. Once again Check Point notified Google who had the malware removed once again.

A Google spokesperson commented on the matter saying that the company is always “making improvements to our system.” Google’s spokesperson also wanted users to know that the company takes threats like this one very seriously and “tries to take immediate action whenever a questionable app is brought to our attention.”

FalseGuide has once again been removed from the Google Play Store, but it’s possible that traces of it still survive due to the vast number of installs it’s had since its creation. While Google, and companies like it, do everything in their power to protect the billions of its users, malware like FalseGuide will always find a crack in the armor to slip through.

About News Team

Hi, I'm Alex Perez, an experienced writer with a focus on lifestyle and culture news. From food and fashion to travel and entertainment, I love exploring the latest trends and sharing my insights with readers. I also have a strong interest in world news and business, and enjoy covering breaking stories and events.

Have a tip we should know?


Most Read

  1. News
    Pandora Papers Financial Leak Shows Us the Secrets of the World’s Rich and Powerful
    3 years ago
  2. Health
    US Supreme Court Rejects J & J TALC Cancer Case Appeal
    3 years ago
  3. Lifestyle
    9 Habits that Drain your Daily Focus and How to Avoid Them
    3 years ago
    Women’s Demand for Shapewear – the big Trends
    3 years ago
    Valentino Launches its Cosmetics Line
    3 years ago
  6. Health
    US Promises to Share 60 million Doses of AstraZeneca Vaccines
    3 years ago
  7. Health
    UK Offers Aid Amid Surging COVID-19 Cases in India
    3 years ago
  8. Sports
    Thousands of fans welcome Charlton funeral cortege at Old Trafford
    7 months ago
  9. News
    Brit left fighting for life after train derails in Argentinia
    7 months ago
    Dubai faces down airline rivals with $50 bln jet orders
    7 months ago
  11. Sunak
    UK’s Sunak brings back Cameron, sacks Braverman
    7 months ago
  12. Sports
    Man United’s Hojlund, Eriksen withdrawn from Denmark team duty
    7 months ago
  13. Health
    Autumn Sneezing Syndrome is on the rise… here’s what you can do
    7 months ago
  14. Canada
    Canada beat Italy to win Billie Jean King Cup for first time
    7 months ago

Follow @rushhourdaily: