Game-guide apps delivered malware to 2 million Android users

Becky

Webmistress
Joined
Mar 25, 2003
Messages
7,424
Reaction score
1,511
A number of game-guide Android apps have been found to target users with 'FalseGuide' malware, according to recently published findings from Checkpoint. Some of the apps have been available on Google's Play Store from November 2016, meaning that they have passed undetected for around 5 months.

FalseGuide creates a silent botnet out of the infected devices for adware purposes. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices.

FalseGuide requests an unusual permission on installation – device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app. Once subscribed to the topic, FalseGuide can receive messages containing links to additional modules and download them to the infected device. After a long wait, we were able to receive such a module and determine that the botnet is used to display illegitimate pop-up ads out of context, using a background service that starts running once the device is booted. Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.


Read more at Check Point
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top