• Home
  • Apps
  • Apps News
  • FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point

FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point

FalseGuide Botnet Malware Affected Nearly 2 Million Android Devices, Says Check Point
  • Check Point reported 40 Android apps infected with "FalseGuide" malware
  • The researchers reported the apps to Google
  • The infected apps were removed from Google Play

Mobile threat researchers at Check Point have discovered a new strain of malware infecting millions of Android devices via Google Play. The researchers claim that the new botnet malware dubbed FalseGuide was hidden in over 40 guide apps for games in Google Play.

"Check Point notified Google about the malware, and it was swiftly removed from the app store," point out Oren Koriat, Andrey Polkovnichenko, and Bogdan Melnykov researchers in a blog post.

The researches add that the infected apps managed to cross 50,000 installs, and roughly infected up to 600,000 devices. Check Point, however, has since updated the blog post adding FalseGuide attack was far more extensive than originally understood. Five new infected apps were found in Google Play which were uploaded in as early as November 2016 suggesting that these managed to hide successfully for five months.

"The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads. The updated estimate now includes nearly 2 million infected users," wrote the researchers.

The researchers also explain how the new FalseGuide malware functions as these create a "silent botnet" out of the infected devices for adware purposes.

For those unaware, a botnet is a group of devices controlled by hackers without the knowledge of their owners, and are used for various purposes "based on the distributed computing capabilities of all the devices."

Further detailing, researchers added, "FalseGuide requests an unusual permission on installation - device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app."

Once subscribed, FalseGuide"malware can help download additional modules on the infected device. "Depending on the attackers' objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks," concluded researchers.

According to researchers,"FalseGuide malware covers itself as guiding apps as it's easy to monetise on the success of the original gaming app and guiding apps require very little development and feature implementation. Check Point has listed all the games that carry the new FalseGuide malware.


For details of the latest launches and news from Samsung, Xiaomi, Realme, OnePlus, Oppo and other companies at the Mobile World Congress in Barcelona, visit our MWC 2024 hub.

Ketan Pratap
Ketan Pratap is the editor at Gadgets 360 - with over 12 years of experience covering the technology domain. With a breadth and depth of knowledge in the field, he's done extensive work across news, features, reviews, and opinion pieces. But what's truly inspiring about Ketan is how he spends his free time. He's often found gazing at snow-capped mountains from over 20,000 feet while sitting on the hood of his car, taking in the breathtaking beauty of nature. His passion for the great ...More
Windows 10 Creators Update Shouldn't Be Installed Manually, Warns Microsoft
How a Bengaluru-Based Women's Safety Startup Became a Logistics Firm for Businesses
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us


© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »