FalseGuide Malware Victim Count Jumps to 2 Million

2 Million Android Users Infected By Malware, Learn How to Protect Yourself

Check Point researchers recently reported that millions have unintentionally downloaded a malware called FalseGuide hidden in over 50 apps downloaded from Google Play Store. Attacks like this have been made through Play Store before with the use of malwares like Vikinghorde and Dresscode. The botnet malware spread through the download of guide apps for games like FIFA, Pokemon Go, Subway Surfers, GTA San Andreas, Asphalt and others. The malware quickly spread and infected over 2 million android devices, compromising their internet security. Initially, a report published on 24th April had informed that the malware has affected only 600,000 users but since then Check Point has researched that the FalseGuide malware attack is far worse. FalseGuide was uploaded onto Play Store as early as November last year and has been sitting there ever since, generating more and more downloads. Find out whether you have been a victim of this attack and learn how you can boost your internet security to protect yourself from such attacks.

How does FalseGuide operate?

Hackers behind this attack developed these simple apps as guides for games are widely popular and are downloaded by people all around the world. They don’t require much maintenance and updates which makes the hacker’s job all the more easier. This is how FalseGuide malware infects your device-

• After the installation of the game guide, FalseGuide asks for device admin permission from the user. 
• If you have given it administrative permission, it cannot be deleted from the device. It can then use methods to hide its activities.
• You will then be part of a botnet without your knowledge. The hackers will control your device for adware purposes and make an income through it. 
• Then FalseGuide registered itself on a message topic of the same name on a cross-platform messaging service called Firebase Cloud Messaging. After subscribing to this topic, the attackers can send messages containing links to more malware, download and install them to your device. 
• After restarting, a background service will start running and display illegal pop-up ads so the hackers can make money. 
• Highly malicious coding has been found in these modules which can actually allow the attackers to root your device, launch a DDoS attack or infiltrate private networks.

Did the attack originate from Russia?

Check Point surmised that the malicious apps containing FalseGuide malware was submitted to Play Store by two fake developers with Russian names, Sergei Vernik and Nikolai Zalupkin. Later, they updated their post with the information that 5 more of such apps had been found and these had been developed by Anatoly Khmelenko (translated from a Russian name).

What to Do If You Are a Victim?

Google has already removed the apps from the Play Store but your device might still be infected. You must perform a factory reset on your device. If it still does not work, you must take your phone to a professional.
How to Protect Yourself from Similar Attacks

• Only download apps from trusted sources and developers. 
• Beware of installing apps that request administrative permission. 
• Keep an updated antivirus on your device.