Two million Android devices 'hit by Google Play malware'

Researchers discover close to 45 apps laden with botnet malware

A new strain of malware hidden inside apps on the Google Play store has infected close to two million Android devices over the past year, according to security experts monitoring the spread.

The recently discovered malware, known as 'FalseGuide', has been found lurking in more than 45 Google Play store apps that provide guides and walkthroughs for mobile games.

Advertisement - Article continues below

At first it was believed the some apps may have been operating since February 2017, however further investigations revealed an app was uploaded to the store as early as November 2016.

Close to two million devices are thought to have been infected since that time, with some apps reaching 50,000 installs each, according to security researchers at Check Point, who first discovered the strain.

The firm initially alerted Google to the infected apps in March, which acted to remove them from the store. However since then new apps laden with malware have been added which required further action from Google, Check Point said.

Once installed, the FalseGuide malware is able to hijack a device and add it to a larger botnet. The bots are then used for a number of purposes depending on their computing capabilities. These can include displaying illegitimate pop-up ads that contain malicious code, conducting DDoS attacks against other targets, and even compromising private networks, according to researchers.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Hackers under the names of fake developers Sergei Vernik and Nikolai Zalupkin uploaded the apps over the course of six months, suggesting Russian connections - although the researchers point out that to Russian speakers, the latter name is clearly made up.

Check Point said that the app stands out from other downloads, as it requires the user to grant admin privileges during installation. Once granted, it uses these permissions to avoid detection by the user, and register to a cloud-based messaging topic to receive and download additional infected modules.

Game guides in particular are juicy targets for hackers, given the significant number of users they can reach and the ease with which they can be developed.

These will by no means be the only target however, and Check Point warned that it is important for users to be diligent when downloading apps to their devices, even when taken from official stores, saying: "Users shouldn't rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs."

IT Pro has approached Google for comment.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/antivirus/28144/best-antivirus
antivirus

Best antivirus for Windows 10

30 Jun 2020
Visit/security/hacking/356152/searching-for-a-new-job-that-linkedin-job-offer-may-be-fake
hacking

Searching for a new job? That LinkedIn job offer may be fake

19 Jun 2020
Visit/security/malware/355093/evasive-malware-threats-are-surging
malware

Evasive malware threats doubled in 2019

24 Mar 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020