Becky
Webmistress
A number of game-guide Android apps have been found to target users with 'FalseGuide' malware, according to recently published findings from Check Point. Some of the apps have been available on Google's Play Store since November 2016, meaning that they have passed undetected for around 5 months.
Read more at Check Point
FalseGuide creates a silent botnet out of the infected devices for adware purposes. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices.
FalseGuide requests an unusual permission on installation – device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app. Once subscribed to the topic, FalseGuide can receive messages containing links to additional modules and download them to the infected device. After a long wait, we were able to receive such a module and determine that the botnet is used to display illegitimate pop-up ads out of context, using a background service that starts running once the device is booted. Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.