According to a report from Check Point Security, a new Android malware called FalseGuide is said to have affected millions of Android phones worldwide after finding its way to the Play Store under the developer names “Sergei Vernik” and “Nikolai Zalupkin”.
The FalseGuide malware can potentially root a phone, gain access to sensitive information and prevent the infected app from being deleted. After gaining administrator rights from users, the malware can then be used to display “illegitimate pop-up ads out of context”.
The malware is difficult to detect until it has been granted administrator rights. Google, for its part, claims to have removed every app infected by FalseGuide, while also reiterating its commitment to making the Play Store a safe app repository for users. The full findings of the report can be read on Check Point’s blog.
“FalseGuide creates a silent botnet out of the infected devices for adware purposes. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices.”
The malware has been observed in at least 49 Android apps, which were downloaded by as many as 1.8 million Android users in the 5 or so months they spent on the Play Store. Fortunately, most of those apps were found to have very low download figures. Apps harbouring the malware include fake companion apps for popular games like Pokemon Go and FIFA Mobile.
Although Google is pretty strict about regular security updates and about OEMs releasing them, almost half of all Android devices didn’t get regular security updates in 2016, leaving room for potentially harmful malware such as FalseGuide to exploit users.