A team of researchers at security firm Check Point has discovered a new batch of Google Play applications infected with malware for Android. In this case, the virus is an adware known as FalseGuide, and propagated hidden in fake Pokémon GO guides, FIFA Mobile and other mobile games.
According to the report, some of the infected applications have been in the store since November 2016, so they have managed to bypass Google’s security measures for five months. Current estimates estimate that more than 2 million users have been infected.
Security researchers have found malicious FalseGuide software hidden in more than 40 game guide apps,
you can check the complete list on the company’s security blog . The records indicate that some of them have managed to exceed 50,000 installations. After the notice from Check Point, Google has withdrawn applications from the store.
What malware does is create a botnet, which is a network of zombie computers, with infected devices for advertising purposes. In order to be able to act, the virus requests administrator permissions during the installation, which allows it to avoid being erased by the user.
It then registers with FireBase Cloud Messaging to receive messages that send malicious modules to be downloaded to install on the terminal, which display pop-ups with illegitimate ads. Depending on the targets of the attackers, these modules may contain malicious code intended to eradicate the device, to perform a DDoS attack or even to penetrate private networks.
Since the beginning of last year mobile botnets are becoming a rising trend, with levels of sophistication and scope increasing. This type of malware can easily circumvent Google Play security mechanisms because the first component is malicious in nature, it is only to download the actual malicious code.
Therefore, extreme caution with the applications you install on your mobile, as the official store does not give full guarantee that they are clean of malware.