FalseGuide Android Malware Lurks on Google Play

FalseGuide Android Malware Featured Image

Malware researchers discovered a large-scale campaign that delivers the FalseGuide Android malware on the Google Play store.

FalseGuide Android Malware Delivered Via Google Play Apps

Security researchers detected a dangerous virus which is being distributed on the Google Play Store via different apps. It has been named as the FalseGuide Android malware as it is disguised under guide apps for games, a popular category of software. According to the researchers the infections are similar to the DressCode campaign last year (read more about it here). The users are tricked into installing the malware by posing as legitimate and useful applications. Upon installation the malware asks for an unusual privilege access which is a clear warning sign that something is not right. More experienced users should notice that this is something that is not usually associated with these types of apps. All of the identified strains follow a predefined behavior pattern:

  1. Upon installation the malware acquires elevated privileges.

  2. FalseGuide’s engine registers itself to a Firebase Cloud Messaging topic controlled by the operators.

  3. By using the registered connection the attackers can send commands that can issue remote control capabilities or further expand the installed malware with additional modules.

  4. The affected devices are recruited into a worldwide botnet which can be used to conduct DDOS attacks or other types of computer crime.

  5. The virus engine has been identified to display various sponsored content, pop-ups and hacker-controlled third party content.

According to the malware researchers there are two possible reasons why the operators have chosen game guide apps as a decoy for the FalseGuide Android malware:

  1. Game Guide Apps are very popular with games and casual users.

  2. They are fairy easy to develop nd can be easily updated via the developers. Its possible to bundle the malware into existing well-known apps or counterfeit clones.

All of the apps are submitted to the Google Play Store under the fake developer names – Sergei Vernik (Сергей Верник)and Nikolai Zalupkin (Николай Залупкин).

Related: How to Remove Android Browser Hijackers

FalseGuide Android Malware List Of Affected Apps

The full list of affected apps that are linked to the distribution campaign include the following entries:

  • Guide or FIFA Mobile – Release Date: 21 February 2017

  • Guide for LEGO Nexo Knights – Release Date: 15 February 2017

  • Guide for Rolling sky – Release Date: 20 February 2017

  • Guide for LEGO City My City – Release Date: 14 February 2017

  • Guide for Terraria – Release Date: 20 February 2017

  • Справочник для World of Tanks – Release Date: 20 February 2017

  • Руководство для Zombie Tsunami – Release Date: 15 February 2017

  • Руководство для Drift Zone 2 – Release Date: 22 February 2017

  • Руководство для Mobile Legends – Release Date: 22 February 2017

  • Руководство для Injustice Gods – Release Date: 22 February 2017

  • Руководство для Asphalt 8 – Release Date: 22 February 2017

  • Справочник для Criminal Case – Release Date: 21 February 2017

  • Справочник для NBA LIVE Mobile – Release Date: 21 February 2017

  • Справочник для Subway Surfers – Release Date: 21 February 2017

  • Справочник для Zombie Tsunami – Release Date: 20 and 21 February 2017

  • Руководство для Terraria – Release Date: 18 February 2017

  • Руководство для Hay Day – Release Date: 18 February 2017

  • Руководство для World of Tanks – Release Date: 18 February 2017

  • Guide for Pokemon GO – Release Date: 1 March 2017

  • Guide Amazing Spider-Man 2 – Release Date: 2 March 2017

  • ProGuide LEGO Marvel Superhero – Release Date: 1 March 2017

  • Guide Dream League Soccer – Release Date: 2 March 2017

  • LEGUIDE LEGO City Undercover – Release Date: 27 February 2017

  • Руководство для FNAF 2 – Release Date: 1 March 2017

  • Руководство для Roblox – Release Date: 1 March 2017

  • Guide For FNAF 2 – Release Date: Release Date: 8 March 2017

  • Инструцкция The Auto Vip City – Release Date: 3 March 2017

  • Руководство для Super Mario – Release Date: 28 February 2017

  • Руководство Great The Auto 4 – Release Date: 28 February 2017

  • Руководство для Cadillacs – Release Date: 1 March 2017

  • Руководство для Spider-Man 2 – Release Date: 28 February 2017

  • Инструкция к Super Mario – Release Date: 2 March 2017

  • Интсрукция к LEGO Friends – Release Date: 3 March 2017

  • Инструкция к Great The Auto 5 – Release Date: 2 March 2017

  • Инструкция к Great The Auto 4 – Release Date: 8 March 2017

  • Guide for Cadillacs – Release Date: 3 March 2017

  • Guide for Roblox – Release Date: 3 March 2017

  • Руководство для League Soccer – Release Date: 28 February 2017

  • LEGUIDE LEGO City My City – Release Date: 27 February 2017

  • Guide for Rolling Sky – Release Date: 11 April 2017

  • Guide for Ninjago Tournament – Release Date: 6 April 2017

  • Guide for Ninjago Tournament – Release Date: 22 November 2016

  • Guide For FIFA 17 – Release Date: 30 November 2016

  • Guide for slither.io – Release Date: 29 November 2016

  • Guide for Mortal Kombat X – 23 November 2016

  • Guide for Shadow fight 3 and 2 – 23 November 2016

The FalseGuide Android malware can also be acquired through a computer virus. Secure your computer and prevent intrusions and malware from infecting your PC by using a quality anti-spyware solution.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.


Related Posts