FalseGuide Android Malware: Two Million Google Play Users Duped
Malware hidden in guide applications for popular games like "Pokémon GO" and "FIFA Mobile" has slipped through Google Play's security defenses. According to reports, around two million users were tricked into downloading the malware from the app store.
While the malware has already been removed from the Google Play store, some rogue apps continue to cause problems for users who have downloaded them. Created by cyber criminals, the malware reportedly attempts to create a botnet to deliver deceitful mobile adware and make money from it.
Called FalseGuide, the malware was discovered by cybersecurity researchers at Check Point and is the oldest of the series of fake guides uploaded to the app store last Feb. 14. It was downloaded more than 50,000 times by Android users around the world who sought guides for some of the most popular games in the app store.
Like the previously discovered Viking Horde and Dress Code, FalseGuide displays illegitimate pop-up advertisements to drive revenue to its authors through clicks and ad displays. When a user downloads the malware onto their device, it requests admin permission to keep the user from deleting the app.
FalseGuide was able to slip through the security system of Google Play because of its hidden nature. This type of malware only comes to life once it has been downloaded by the user, who grants the permissions the app needs to request its suspicious instructions.
Upon installation, FalseGuide registers itself to Firebase Cloud Messaging under the same name as the original app, for instance "Guide for 'Pokémon Go.'" By using Firebase, the malware is able to get more modules and download them to the device.
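For app reviewers, the pairing described above (an admin permission request plus Firebase Cloud Messaging in a simple guide app) can be checked from the manifest alone. The following is an added example, not code from Check Point or from this article: it assumes the AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the sample manifests, package names and component names are constructed.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"

# Constructed sample manifests (not taken from any real app).
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s"><application>'
TAIL = "</application></manifest>"
FCM_SERVICE = ('<service android:name=".PushService"><intent-filter>'
               '<action android:name="com.google.firebase.MESSAGING_EVENT"/>'
               '</intent-filter></service>')
ADMIN_RECEIVER = ('<receiver android:name=".AdminReceiver" '
                  'android:permission="android.permission.BIND_DEVICE_ADMIN"><intent-filter>'
                  '<action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>'
                  '</intent-filter></receiver>')
SAMPLE_GUIDE = HEAD % "com.example.gameguide" + ADMIN_RECEIVER + FCM_SERVICE + TAIL
SAMPLE_CHAT = HEAD % "com.example.chat" + FCM_SERVICE + TAIL


def _actions(component):
    """Intent-filter action names declared under a manifest component."""
    return {a.get(NS + "name") for a in component.iter("action")}


def triage_manifest(xml_text):
    """Flag a decoded manifest that declares both a device admin receiver and an FCM service."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    out = {"package": root.get("package"), "device_admin": [], "fcm_services": []}
    if app is not None:
        for rcv in app.findall("receiver"):
            if rcv.get(NS + "permission") == ADMIN_PERM and ADMIN_ACTION in _actions(rcv):
                out["device_admin"].append(rcv.get(NS + "name"))
        for svc in app.findall("service"):
            if FCM_ACTION in _actions(svc):
                out["fcm_services"].append(svc.get(NS + "name"))
    # FCM alone is common; the pairing with device admin is what warrants manual review.
    out["review"] = bool(out["device_admin"] and out["fcm_services"])
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_GUIDE, SAMPLE_CHAT):
        print(triage_manifest(sample))
```

A positive result is a triage signal for manual review, not a verdict: legitimate device-management apps declare the same components.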
Back in February, Check Point notified Google about the malware and the tech giant was quick to remove it from the app store. However, the cyber criminals who created FalseGuide continued to upload more apps starting this April.