A recently discovered strain of botnet malware has infected over 600,000 Android devices, according to security researchers. The researchers also found that the malware poses as guides for online games like FIFA and Pokemon Go. These guides are actually malicious software named FalseGuide.
FalseGuide was found hiding in over 40 different guide apps, the oldest of which was posted more than three years ago on 14th of February 2014. Some of the infected apps reached over 50,000 downloads, according to Check Point security. The researchers also said that all of those devices can now be considered infected.
The aim, according to experts, was to create a ‘silent botnet’ that would later be used for adware purposes. Cyber criminals are well known for their use of botnets, which are most often made up of infected devices including computers as well as IoT (Internet of Things) devices such as DVRs, CCTV cameras, smart TVs, smart cars and smart switches. Most of the malware that infects these devices is stealthy, which prevents users from detecting it and in turn allows the malware to remain undisturbed on the device.
In FalseGuide’s case, the malware managed to obtain administrator privileges, which means that the user cannot get rid of the infection. After obtaining administrator privileges, the malware proceeded to register with a cloud-based messaging service to receive further instructions. This way, the malware can be used to give its creator full access to the device or even to launch DDoS attacks.
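A defender's triage check for the behaviour described above, as an added example that is not from the original article or from the researchers it cites: it flags a decoded `AndroidManifest.xml` that declares both a device-admin receiver and a push-messaging handler. It assumes the "cloud-based messaging service" is a push service such as FCM or GCM and that the manifest has already been decoded to text XML; `triage_manifest` and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
# Assumption: the "cloud-based messaging service" is a push service such as FCM or GCM.
PUSH_ACTIONS = {"com.google.firebase.MESSAGING_EVENT",
                "com.google.android.c2dm.intent.RECEIVE"}

def triage_manifest(manifest_xml):
    """Flag a decoded manifest that pairs a device-admin receiver with push messaging."""
    root = ET.fromstring(manifest_xml.strip())
    result = {"package": root.get("package"), "device_admin": [],
              "push_messaging": [], "review": False}
    app = root.find("application")
    if app is None:
        return result
    for comp in app:
        if comp.tag not in ("receiver", "service"):
            continue
        name = comp.get(NS + "name")
        actions = {a.get(NS + "name") for a in comp.iter("action")}
        # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and handles the enable action.
        if (comp.tag == "receiver" and comp.get(NS + "permission") == ADMIN_PERMISSION
                and ADMIN_ACTION in actions):
            result["device_admin"].append(name)
        if actions & PUSH_ACTIONS:
            result["push_messaging"].append(name)
    # Either feature alone is common in legitimate apps; together in a game guide it merits review.
    result["review"] = bool(result["device_admin"] and result["push_messaging"])
    return result

# Constructed sample manifests (not taken from any real app).
TEMPLATE = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="{pkg}"><application>{body}</application></manifest>')
ADMIN = (f'<receiver android:name=".AdminReceiver" android:permission="{ADMIN_PERMISSION}">'
         f'<intent-filter><action android:name="{ADMIN_ACTION}"/></intent-filter></receiver>')
PUSH = ('<service android:name=".PushService"><intent-filter>'
        '<action android:name="com.google.firebase.MESSAGING_EVENT"/></intent-filter></service>')
SAMPLE_GUIDE = TEMPLATE.format(pkg="com.example.gameguide", body=ADMIN + PUSH)
SAMPLE_CHAT = TEMPLATE.format(pkg="com.example.chat", body=PUSH)

if __name__ == "__main__":
    for sample in (SAMPLE_GUIDE, SAMPLE_CHAT):
        print(triage_manifest(sample))
```

A `review` flag is a prompt for manual analysis, not a verdict: legitimate device-management apps also combine both features.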
After the discovery of these malicious apps, Google did what it could to take them off the Play Store, but the apps already downloaded still pose a problem. Furthermore, investigations revealed that there were two people behind the scheme, going by the (probably fake) names of Nikolai Zalupkin and Sergei Vernik.
It’s believed that gaming guides were selected because they’ve been very popular lately, and also because they do not require much time and effort when it comes to feature implementation and development. This means that with a small amount of effort, hackers could reach a wide audience by using the popularity and success of the original games.
Experts also stated that “Mobile botnets are a growing trend since early last year, growing in both sophistication and reach,” and that “This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code.” That’s why users should not rely on their app stores to protect them, since there are far too many apps available to be verified.
Just last week, a Dutch cyber security firm called Securify uncovered a Trojan called ‘BankBot’ that was used for financial fraud against Android users. The Trojan was discovered on the Google Play Store, leading to the conclusion that even official app stores are not safe from cyber criminals and malware.
If you are an Android or iOS user, it is highly recommended to download as few apps as possible and to confirm through the company’s official website that the apps you are about to install are legit. Furthermore, the Pokemon Go app is still being used by cyber criminals to conduct smishing and ransomware scams.