Up to two million Android devices may have been affected by a new strain of malware, which poses as fake guides to popular Play Store games.
The so-called FalseGuide botnet malware has been discovered in more than 40 walkthrough applications for titles like Pokémon Go and FIFA Mobile, according to the security experts at CheckPoint.
Some of the malicious apps, the oldest of which dates back to November last year, have been installed between 50,000 and 100,000 times.
“FalseGuide creates a silent botnet out of the infected devices for adware purposes. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices,” CheckPoint says.
It takes the unusual step of requesting device admin permission, which you absolutely should not grant any app. Once that permission is granted, the app cannot be deleted.
“Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks,” the security firm writes (via IBT).
After the firm notified Google, the offending apps were removed from the Play Store, but new apps have continued to pop-up.
Related: How to play Pokémon Go
While this problem is being dealt with, we’d advise only downloading walkthrough guides from known, well-reviewed developers and, of course, rejecting any app that demands admin privileges on your device.
“Mobile botnets are a growing trend since early last year, growing in both sophistication and reach,” the blog post reads.
“This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code. Users shouldn’t rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs.”
Have you fallen victim to Android malware in the past? Share your experiences in the comments section below.