Another week, another Android malware.
Android malware often takes the form of infected apps on the Google Play Store, and a new variant called FalseGuide has been discovered by security company Check Point.
While Google has been pushing monthly security updates, manufacturers like Samsung unfortunately often delay on pushing these updates to customers. The result? According to Google, half of Android devices did not receive security updates in 2016. That’s particularly problematic when malware like FalseGuide shows up, as it gives that malware an opportunity to take advantage of more unprotected phones.
“FalseGuide creates a silent botnet out of the infected devices for adware purposes. A botnet is a group of devices controlled by hackers without the knowledge of their owners,” says Check Point in a blog post. “The bots are used for various reasons based on the distributed computing capabilities of all the devices.”
Issues arise when the apps are downloaded, after which they’ll request administrator permissions, which can then be used against the owner of the phone. For now, it appears as though those permissions allow the app to deliver “illegitimate pop-up ads out of context,” but they could also be used to instigate DDoS attacks.
The malware was first discovered a few days ago, and appeared in a hefty 44 game guide apps. Those apps were since removed, but another five apps with the malicious code were then discovered. Scarily enough, some of these apps were uploaded as early as November 2016 — so they stayed on the Google Play Store for around 5 months before being taken down. As far as users impacted by the malware, Check Point estimates between 500,000 to 1.8 million users. Thankfully, of the 49 infected apps, 28 of them were downloaded less than 10 times and seven of them were apparently never downloaded.
It’s unlikely the Google Play Store will ever be totally safe — but it is the safest place to download Android apps. For now, it’s important to download only official apps, and stick with the ones that you trust.
- I regret buying my iPhone 14 Pro for 3 big reasons
- New phishing method looks just like the real thing, but it steals your passwords
- The Google Home app finally has the big redesign you’ve been waiting for
- Does the iPhone 14 have the Dynamic Island?
- What to expect from Google’s October 6 event: Pixel 7, Pixel Watch, and more