Two million Android devices 'hit by Google Play malware'

Researchers discover close to 45 apps laden with botnet malware

A new strain of malware hidden inside apps on the Google Play store has infected close to two million Android devices over the past year, according to security experts monitoring the spread.

The recently discovered malware, known as 'FalseGuide', has been found lurking in more than 45 Google Play store apps that provide guides and walkthroughs for mobile games.

At first it was believed the some apps may have been operating since February 2017, however further investigations revealed an app was uploaded to the store as early as November 2016.

Close to two million devices are thought to have been infected since that time, with some apps reaching 50,000 installs each, according to security researchers at Check Point, who first discovered the strain.

The firm initially alerted Google to the infected apps in March, which acted to remove them from the store. However since then new apps laden with malware have been added which required further action from Google, Check Point said.

Once installed, the FalseGuide malware is able to hijack a device and add it to a larger botnet. The bots are then used for a number of purposes depending on their computing capabilities. These can include displaying illegitimate pop-up ads that contain malicious code, conducting DDoS attacks against other targets, and even compromising private networks, according to researchers.

Hackers under the names of fake developers Sergei Vernik and Nikolai Zalupkin uploaded the apps over the course of six months, suggesting Russian connections - although the researchers point out that to Russian speakers, the latter name is clearly made up.

Check Point said that the app stands out from other downloads, as it requires the user to grant admin privileges during installation. Once granted, it uses these permissions to avoid detection by the user, and register to a cloud-based messaging topic to receive and download additional infected modules.

Game guides in particular are juicy targets for hackers, given the significant number of users they can reach and the ease with which they can be developed.

These will by no means be the only target however, and Check Point warned that it is important for users to be diligent when downloading apps to their devices, even when taken from official stores, saying: "Users shouldn't rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs."

IT Pro has approached Google for comment.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Android malware vendor teams with marketer to promote new malware
malware

Android malware vendor teams with marketer to promote new malware

11 Jan 2021
Python-based malware steals Outlook files and browser credentials
malware

Python-based malware steals Outlook files and browser credentials

15 Dec 2020
Subway UK customers targeted by Trickbot hackers
hacking

Subway UK customers targeted by Trickbot hackers

14 Dec 2020
Power banks could infect your smartphone with malware
malware

Power banks could infect your smartphone with malware

9 Dec 2020

Most Popular

Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021