Game guide apps infect 2 million Android handsets with malware

"This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code."

Ad malware in nearly 50 apps on the Google Play Store has infected around two million Android smartphones worldwide, as the ad giant failed to spot the harmful software in the applications. The rogue code, dubbed Falseguide, was mainly carried by game walkthrough applications that claimed to provide guides or cheat codes for various games.

According to infosec vendor Check Point, some of these apps have been hiding in plain view in the Google Play store since November last year, and their malicious nature wasn't picked up by the Chocolate Factory, reported The Register.

"Mobile botnets are a growing trend since early last year, growing in both sophistication and reach. This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code. Users shouldn't rely on the app stores for their protection," said Check Point in an advisory that has the list of all of these faulty apps, which have now been removed from the Play Store.

Although Falseguide has so far only downloaded and executed annoying adverts on handsets, future modules could, for example, install spyware on the devices or be used to launch denial-of-service attacks on victims.

This is all possible because of the level of access the apps ask for when first installed: the software pops up a permission request screen telling users that it wants full device admin rights.

Obviously, this should have alarmed users, as a game guide is no more than a collection of pictures and text, and there's no reason for it to ask for such access rights. But around two million users ignored this red flag and tapped OK.

Though the source of the malware remains unknown, the apps were uploaded by two developers named Sergei Vernik and Nikolai Zalupkin. There is a high probability of these accounts being fake, but Russia is churning out some quality malware these days, as many people are finding out to their cost, reported The Register.
