Two million Android devices 'hit by Google Play malware'

A red Android mascot

A new strain of malware hidden inside apps on the Google Play store has infected close to two million Android devices over the past year, according to security experts monitoring the spread.

The recently discovered malware, known as 'FalseGuide', has been found lurking in more than 45 Google Play store apps that provide guides and walkthroughs for mobile games.

At first it was believed the some apps may have been operating since February 2017, however further investigations revealed an app was uploaded to the store as early as November 2016.

Close to two million devices are thought to have been infected since that time, with some apps reaching 50,000 installs each, according to security researchers at Check Point, who first discovered the strain.

The firm initially alerted Google to the infected apps in March, which acted to remove them from the store. However since then new apps laden with malware have been added which required further action from Google, Check Point said.

Once installed, the FalseGuide malware is able to hijack a device and add it to a larger botnet. The bots are then used for a number of purposes depending on their computing capabilities. These can include displaying illegitimate pop-up ads that contain malicious code, conducting DDoS attacks against other targets, and even compromising private networks, according to researchers.

Hackers under the names of fake developers Sergei Vernik and Nikolai Zalupkin uploaded the apps over the course of six months, suggesting Russian connections - although the researchers point out that to Russian speakers, the latter name is clearly made up.

Check Point said that the app stands out from other downloads, as it requires the user to grant admin privileges during installation. Once granted, it uses these permissions to avoid detection by the user, and register to a cloud-based messaging topic to receive and download additional infected modules.

Game guides in particular are juicy targets for hackers, given the significant number of users they can reach and the ease with which they can be developed.

These will by no means be the only target however, and Check Point warned that it is important for users to be diligent when downloading apps to their devices, even when taken from official stores, saying: "Users shouldn't rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs."

IT Pro has approached Google for comment.

Dale Walker

Dale Walker is the Managing Editor of ITPro, and its sibling sites CloudPro and ChannelPro. Dale has a keen interest in IT regulations, data protection, and cyber security. He spent a number of years reporting for ITPro from numerous domestic and international events, including IBM, Red Hat, Google, and has been a regular reporter for Microsoft's various yearly showcases, including Ignite.