Over 50 game guide apps on the Google Play Store were carrying ad-displaying malware that has infected approximately 2 million Android devices.
All 50 apps containing this malware, which were first uploaded to the app store back in November 2016, have been removed from the Play Store, but the devices that downloaded them remain infected.
According to CheckPoint Security, a single app carrying the FalseGuide malware managed to reach as many as 50,000 downloads.
The malware gives the hackers control of the infected devices without the knowledge of the owner, mainly for adware purposes.
“FalseGuide creates a silent botnet out of the infected devices. A botnet is a group of devices controlled by hackers. The bots are used for various reasons based on the distributed computing capabilities of all the devices,” the research reads.
FalseGuide Takes Control of Your Device
When an app containing the FalseGuide malware is installed, it asks for admin permission, which gives it full control over the device, so much so that the user cannot delete it.
Once the malware has gained access to a device, it subscribes to a Firebase Cloud Messaging topic with the same name as the app, which gives the attacker the ability to download additional malicious modules to the infected device.
While the app which CheckPoint researchers examined was ‘used to display illegitimate pop-up ads out of context’, depending on the level of malicious code contained within these additional modules, the attacker can also root the device, conduct a DDoS attack or penetrate private networks.
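For defenders triaging an app, the two behaviours described above leave traces in the app's manifest. The following is an added example, not code from CheckPoint or from the original article: it flags a decoded AndroidManifest.xml that declares both a device admin receiver and a Firebase Cloud Messaging service. The package and class names in the sample manifests are constructed, and treating the combination as a review signal is an assumption of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"

def _actions(component):
    """Intent-filter action names declared by one manifest component."""
    return {a.get(ANDROID_NS + "name") for a in component.iter("action")}

def triage_manifest(manifest_xml):
    """Report device admin receivers and FCM services in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    admins, fcm = [], []
    for receiver in root.iter("receiver"):
        # A device admin receiver is guarded by BIND_DEVICE_ADMIN and
        # listens for the DEVICE_ADMIN_ENABLED broadcast.
        if (receiver.get(ANDROID_NS + "permission") == ADMIN_PERMISSION
                and ADMIN_ACTION in _actions(receiver)):
            admins.append(receiver.get(ANDROID_NS + "name"))
    for service in root.iter("service"):
        # A service handling MESSAGING_EVENT receives FCM pushes.
        if FCM_ACTION in _actions(service):
            fcm.append(service.get(ANDROID_NS + "name"))
    # Heuristic (assumption): a game guide has no need for device admin
    # rights, so admin plus a remote push channel deserves manual review.
    return {"device_admin_receivers": admins, "fcm_services": fcm,
            "suspicious": bool(admins and fcm)}

_HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
         'package="com.example.gameguide"><application>')
_FCM = ('<service android:name=".PushService"><intent-filter>'
        '<action android:name="com.google.firebase.MESSAGING_EVENT"/>'
        '</intent-filter></service>')
_ADMIN = ('<receiver android:name=".AdminReceiver" '
          'android:permission="android.permission.BIND_DEVICE_ADMIN"><intent-filter>'
          '<action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>'
          '</intent-filter></receiver>')
_TAIL = "</application></manifest>"

# Constructed sample manifests, not taken from any real app.
GUIDE_APP = _HEAD + _ADMIN + _FCM + _TAIL   # admin receiver plus push channel
BENIGN_APP = _HEAD + _FCM + _TAIL           # push channel only

if __name__ == "__main__":
    for label, xml in (("guide", GUIDE_APP), ("benign", BENIGN_APP)):
        print(label, triage_manifest(xml))
```

Firebase Cloud Messaging on its own is common in legitimate apps, and device management clients legitimately use both features, so a hit is a prompt for review rather than a verdict.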
Why Guide Apps for Games?
Guide apps for games are as popular as the games themselves, since they contain tips, tricks and walkthroughs and monetise the success of the original game.
Guide apps have minimal features and don’t take a lot of time to build, which gives malware developers an easy way to reach more people.
Isn’t Google Play Store Safe?
While Google makes earnest efforts to keep its Play Store and Android environment safe, these apps were able to penetrate that security ‘due to the non-malicious nature of the first component’.