It is estimated that more than 2 million Android users fell victim to malware when they downloaded fake companion guide apps from the Google Play Store. According to Check Point security researchers, more than 40 fake guide apps for numerous mobile games, including FIFA Mobile and Pokémon Go, contained the malware.
Researchers from Check Point dubbed the malware FalseGuide and explained that an invisible botnet was created with the infected devices. The botnet delivered fake mobile adware to generate ad revenue for the criminals behind it.
More Users Infected Than Initially Thought
When Check Point first investigated the FalseGuide attack, they found that it was first uploaded to Google Play in February 2017 and was downloaded by 600,000 users within the first two months.
In-depth analysis, however, showed that the oldest infected app was in fact uploaded as far back as November last year and had stayed hidden since then, ultimately resulting in more than two million infections.
FalseGuide of Russian Origin
The first FalseGuide apps were submitted with the fake names of developers Nikolai Zalupkin and Sergei Vernik. As the names are Russian, the malware may have originated in Russia.
Check Point researchers later found another five FalseGuide apps developed by Anatoly Khmelenko.
Malware removed from Store, but is your device infected?
Check Point supplied a list of apps hiding the FalseGuide malware. These include false guides for Criminal Case, FIFA Mobile, Subway Surfers, Super Mario, Lego City My City, Lego Nexo Knights, Drift Zone 2, Pokémon Go, Ninjago Tournament, Dream League Soccer, Amaz3ing Spider-Man and Rolling Sky.
In February, when Google was informed about FalseGuide, they removed all the apps containing the malware from the Play Store.
It is, however, likely that the FalseGuide apps are still installed and active on many devices.
How to prevent an attack by malware
A number of measures can be followed to make sure you are not affected:
- Only download apps from verified and trusted developers, and use reputable sources such as the Apple App Store and Google Play Store.
- Check app permissions before you download or install them. If you suspect an app asks for more permissions than what is logically needed, simply delete it.
- Install good antivirus software. The app should not only detect and eliminate viruses, but also identify and block malware before it infects the device. Make sure you update the app regularly.
- Never download any apps from unknown sources. While the app was distributed by the authorised Play Store in this case, malware is mostly distributed via third-party sites.
- Don’t use unknown Wi-Fi hotspots and turn the device’s Wi-Fi off when you’re not using it.
- Be vigilant for apps that ask for administrative rights. These rights will give any software total control over your device.
- Don’t click on links in any MMS or SMS that you receive on your device. Even if the sender looks legit, check the website from which it was sent and confirm any updates.