A team of researchers at security firm Check Point has discovered a new batch of Google Play applications infected with malware for Android. In this case, the virus is an adware known as FalseGuide, and propagated hidden in fake Pokémon GO guides, FIFA Mobile and other mobile games.
According to the report, some of the infected applications have been in the store since November 2016, so they have managed to bypass Google’s security measures for five months. Current estimates estimate that more than 2 million users have been infected.
What malware does is create a botnet, which is a network of zombie computers, with infected devices for advertising purposes. In order to be able to act, the virus requests administrator permissions during the installation, which allows it to avoid being erased by the user.
It then registers with FireBase Cloud Messaging to receive messages that send malicious modules to be downloaded to install on the terminal, which display pop-ups with illegitimate ads. Depending on the targets of the attackers, these modules may contain malicious code intended to eradicate the device, to perform a DDoS attack or even to penetrate private networks.
Since the beginning of last year mobile botnets are becoming a rising trend, with levels of sophistication and scope increasing. This type of malware can easily circumvent Google Play security mechanisms because the first component is malicious in nature, it is only to download the actual malicious code.
Therefore, extreme caution with the applications you install on your mobile, as the official store does not give full guarantee that they are clean of malware.
Entusiasta de la seguridad cibernética. Especialista en seguridad de la información, actualmente trabajando como especialista en infraestructura de riesgos e investigador.
Experiencia en procesos de riesgo y control, soporte de auditoría de seguridad, diseño y soporte de COB (continuidad del negocio), gestión de grupos de trabajo y estándares de seguridad de la información.
Envía tips de noticias a firstname.lastname@example.org o WhatsApp +525525766324.
También puedes encontrarnos en Telegram www.t.me/noticiasciberseguridad