large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

New Android malware targets Pokémon Go and FIFA players — here’s how to protect yourself

Up to two million Android devices may have been affected by a new strain of malware, which poses as fake guides to popular Play Store games.

The so-called FalseGuide botnet malware has been discovered in more than 40 walkthrough applications for titles like Pokémon Go and FIFA Mobile, according to the security experts at CheckPoint.

Some of the malicious apps, the oldest of which dates back to November last year, have been installed between 50,000 and 100,000 times.

“FalseGuide creates a silent botnet out of the infected devices for adware purposes. A botnet is a group of devices controlled by hackers without the knowledge of their owners. The bots are used for various reasons based on the distributed computing capabilities of all the devices,” CheckPoint says.

One of the ways Android users can protect themselves from the potentially harmful software is by checking the permissions the app requests during the install process.

It takes the unusual step of requesting device admin permission, which you absolutely should not grant any app. Once that permission is granted, the app cannot be deleted.

“Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks,” the security firm writes (via IBT).

After the firm notified Google, the offending apps were removed from the Play Store, but new apps have continued to pop-up.

Related: How to play Pokémon Go

While this problem is being dealt with, we’d advise only downloading walkthrough guides from known, well-reviewed developers and, of course, rejecting any app that demands admin privileges on your device.

“Mobile botnets are a growing trend since early last year, growing in both sophistication and reach,” the blog post reads.

“This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code. Users shouldn’t rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs.”

Have you fallen victim to Android malware in the past? Share your experiences in the comments section below.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.