There is no such thing as security, least of all in the digital world. A malware network has now set its sights on mobile gamers and has already infected 2 million Android devices. Its behavior resembles that of a Hydra: as soon as Google deletes one offshoot, the next appears in the Play Store.
Infecting the devices is only the medium-term goal; in the long run, the aim is probably to establish a global botnet. That sounds a bit like the plan of a Hollywood villain, but according to the digital security company CheckPoint, it is actually the case. The malware, called “FalseGuide”, connects to a server in the background, and in most cases it only displays pop-up advertising via a service running on the surface. According to security experts, FalseGuide sometimes also includes root exploits that allow the mobile device to be used in a DDoS attack or to infiltrate private networks. By now, some 2 million devices are said to be infected.
FalseGuide hides behind popular mobile games
How can this happen? The name “FalseGuide” is no coincidence: the malware spreads by posing as a guide app for tricky games. For the hackers, this has the advantage that they can ride in the slipstream of a popular game without much development effort. In total, CheckPoint located nearly 50 such applications in the Play Store, including some with more than 50,000 installations. The oldest have been in circulation since November 2016, which explains the high infection rate.
Google has of course been informed, and all identified FalseGuide apps were immediately removed from the Play Store. According to CheckPoint, however, two further offshoots have surfaced since then. Although these have now been deleted as well, this shows that Google does not yet have a reliable means of detecting malware in new apps preventively.
FalseGuide: This is how you recognize the malware
At least there seems to be a halfway reliable recognition feature for users: a FalseGuide app always requests admin rights when it is started for the first time, so that it cannot be uninstalled afterward. For any app, this is an indicator that should raise eyebrows. With FalseGuide it is probably the only indicator, because apart from this the applications behave normally and connect to an authentic server, right up to the moment when the server initiates the download of other malicious software.
For users: keep an eye on which apps you choose! Before installing an unknown app with few ratings, check the developer again, critically question the requested permissions, and when in doubt, keep your hands off.
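The admin-rights request described above is declared in an app's manifest, so it can be checked before the app is ever started. The following Python sketch is an added example, not code from CheckPoint or from the original article: it scans a decoded AndroidManifest.xml for receivers that can be activated as device administrators. The package names and both manifests are constructed samples.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

def device_admin_receivers(manifest_xml):
    """Return fully qualified names of receivers that declare both the
    device-admin permission and the matching intent action."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    found = []
    for receiver in root.iter("receiver"):
        if receiver.get(A + "permission") != ADMIN_PERMISSION:
            continue
        actions = {a.get(A + "name") for a in receiver.iter("action")}
        if ADMIN_ACTION not in actions:
            continue  # permission alone is not enough to be activated as admin
        name = receiver.get(A + "name", "")
        if name.startswith("."):
            name = package + name          # ".AdminReceiver" is package-relative
        elif "." not in name:
            name = package + "." + name    # bare class name is package-relative
        found.append(name)
    return found

# Constructed sample: a game-guide app that declares a device-admin receiver.
SAMPLE_GUIDE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gameguide">
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a guide app with an ordinary boot receiver only.
SAMPLE_PLAIN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainguide">
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("guide", SAMPLE_GUIDE), ("plain", SAMPLE_PLAIN)):
        print(label, device_admin_receivers(xml))
```

The manifest inside an APK is stored as binary XML and has to be decoded to text first (for example with apktool). Legitimate apps such as device-management tools declare the same receiver, so a hit is a reason to review the app, which for a game guide has no obvious need for it.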