The malware was discovered by Trend Micro and aims to infect and ad as many devices as possible to a centrally managed botnet. The botnet intends to show unrequested ads to victims, via popups or other means. It is spread using more than 40 “game guide” apps uploaded to the Play Store and the infection process is quite complex and specifically designed to avoid detection.
Usually users download game ups and sometimes ignore the permissions request screen during an app’s installation process. After the app obtains admin rights, the malware connects to a Firebase Cloud Messaging thread and there will lie in waiting. FalseGuide operators can then use this Firebase thread to push modules that all infected phones will download and run without the phone owners knowledge or consent.
Google has removed all the apps Trend Micro found. A full list of apps infected with FalseGuide is available here.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now