Android users have once again been targeted by malware that sneaked into the Google Play Store. The malware in question has been identified as FalseGuide, discovered by security researchers at CheckPoint. FalseGuide was hidden in more than 40 fake companion guide apps for popular games like Pokémon GO and FIFA Mobile, the oldest of which was uploaded to the Play Store on February 14, 2017.
What Does FalseGuide Android Malware Do?
The researchers found that the malware attempts to create a botnet that distributes fraudulent mobile adware, monetizing the cybercriminals' malicious campaigns. Some of these apps have been downloaded over 50,000 times. This means that some 600,000 Android users have downloaded the malware believing it was a guide for a game (hence the name FalseGuide).
FalseGuide Android Malware Technical Specifications
CheckPoint researchers say that the malware requests an unusual permission during installation – device admin permission. The malware uses it to avoid being deleted by the user.
The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app. Once subscribed to the topic, FalseGuide can receive messages containing links to additional modules and download them to the infected device.
After a long wait, the researchers were able to receive such a module and concluded that the botnet is deployed to display malicious pop-up ads out of context, using a background service that starts running upon reboot. “Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks,” the team adds.
Why Did the Malware Masquerade as a Gaming App?
There are two major reasons for cybercriminals to choose this type of app. The first reason is quite obvious – gaming apps are quite popular with users. Second, guide apps are not complicated to develop, making this a great opportunity for malware coders to reach thousands of users with zero effort.
In conclusion, mobile botnets are constantly growing in popularity, sophistication and reach. The worst thing is that this type of malware successfully sneaks into Google Play “due to the non-malicious nature of the first component, which only downloads the actual harmful code”. Users should be extremely cautious when downloading apps, and should consider implementing additional protection on their mobile devices.