Have you ever downloaded a guide app for a popular app, such as Pokemon Go, from the Google Play Store? Then you may be one of the two million victims who installed fake companion guide apps that came pre-loaded with malware targeting their users.
Around 40 fake companion guide apps were found to carry malware that turns infected smartphones into a source of fraudulent ad revenue. Check Point researchers dubbed it FalseGuide: a malware that builds a silent botnet out of the infected devices to deliver fraudulent mobile adware and generate ad revenue for cyber criminals.
By February, the fraudulent apps had already reached six lakh (600,000) downloads since their initial launch on the Play Store, but researchers later found more such apps hidden there. Check Point researchers wrote in their blog post, "Since 24 April, when the article below was first published, Checkpoint researchers learned that the FalseGuide attack is far more extensive than originally understood. The apps were uploaded to the app store [Google Playstore] as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads."
Check Point researchers also found five more guide apps containing the FalseGuide malware, developed by a Russian developer, 'Anatoly Khmelenko'. Most of the fraudulent guide companion apps come from Russia; the first set of malicious apps was submitted under Russian names.
HOW DOES THE MALWARE WORK
Once the user installs the app, it requests device administrator rights so that it cannot be uninstalled easily. Once it has them, it registers itself with Firebase Cloud Messaging (FCM), a cross-platform messaging service that lets app developers send messages and notifications to their apps. The attackers then use that channel to send the malware links to additional malicious modules, which it downloads and installs on the infected device.
Through those modules, the attackers display illegitimate, out-of-context pop-up ads and earn revenue from them. The same channel also lets them push code that attempts to root the device and gain full control of it for further fraudulent activity.
Check Point researchers have published the complete list of malicious guide companion apps in their blog post; it includes guides for FIFA Mobile, Criminal Case, Super Mario, Subway Surfers, Pokemon Go, Lego Nexo Knights, Lego City My City, Ninjago Tournament, Rolling Sky, Amazing Spider-Man, Drift Zone 2 and Dream League Soccer.
Check Point researchers notified Google about the malicious apps in February, and the company quietly removed them from the Play Store. Although the apps are gone from the store, a large number of devices still have them installed.
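The capability combination described above (a device-admin receiver to resist uninstallation, an FCM handler to receive commands, and the permissions needed to fetch and install more code) is something an analyst can look for statically in an app's manifest before the app ever runs. The following triage script is an added example, not code from the article or from Check Point; the two manifests in it are constructed, and every package and class name in them is invented.

```python
"""Static triage of an Android manifest for the capability combination the
article attributes to FalseGuide: a device-admin receiver (resists
uninstallation), a Firebase Cloud Messaging handler (receives commands) and
permissions that let the app fetch and install further code.

Added example; not code from the article or from Check Point. The manifests
below are constructed, and every package and class name in them is invented.
"""
import xml.etree.ElementTree as ET

# Android manifest attributes live in this XML namespace.
A = "{http://schemas.android.com/apk/res/android}"

# Indicators looked for. Which ones count, and the verdict rule, are this
# example's own choice, not a published detection signature.
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
DEVICE_ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"
FCM_ACTION = "com.google.firebase.MESSAGING_EVENT"
RISKY_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.SYSTEM_ALERT_WINDOW",
}


def analyze_manifest(xml_text: str) -> dict:
    """Return the package name, the indicators found and a suspicious verdict."""
    root = ET.fromstring(xml_text)
    permissions = {p.get(A + "name") for p in root.iter("uses-permission")}
    device_admin = fcm = False
    for comp in root.iter():
        if comp.tag not in ("receiver", "service"):
            continue
        # A device-admin receiver is protected by BIND_DEVICE_ADMIN and/or
        # listens for DEVICE_ADMIN_ENABLED; an FCM handler listens for
        # MESSAGING_EVENT.
        if comp.get(A + "permission") == DEVICE_ADMIN_PERMISSION:
            device_admin = True
        for action in comp.iter("action"):
            name = action.get(A + "name")
            if name == DEVICE_ADMIN_ACTION:
                device_admin = True
            elif name == FCM_ACTION:
                fcm = True
    findings = []
    if device_admin:
        findings.append("device-admin receiver")
    if fcm:
        findings.append("FCM message handler")
    findings.extend(sorted(permissions & RISKY_PERMISSIONS))
    # Verdict: remote command channel + uninstall resistance + network access.
    # Legitimate MDM and anti-theft apps match too, so this is a triage flag,
    # not proof; a game guide, however, has no plausible need for admin rights.
    suspicious = device_admin and fcm and "android.permission.INTERNET" in permissions
    return {"package": root.get("package"), "findings": findings, "suspicious": suspicious}


# Constructed manifest of a hypothetical "guide" app with the FalseGuide-style profile.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="Guide">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".PushService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed manifest of a hypothetical guide app that only needs the network.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.honestguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Guide">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for manifest in (SUSPICIOUS_MANIFEST, BENIGN_MANIFEST):
        print(analyze_manifest(manifest))
```

On a real APK the manifest is binary XML; decode it first (for example with apktool or aapt2) and feed the resulting text to `analyze_manifest`. The verdict is deliberately conservative about what it claims: the same three capabilities appear in legitimate device-management apps, so the useful question for a triage queue is whether this kind of app has any reason to hold them.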
"Mobile botnets are a growing trend since early last year, growing in both sophistication and reach. This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code," said researchers from Checkpoint.
PROTECT YOUR DEVICE
* Download apps only from trusted and verified developers, and stick to trusted sources such as the Google Play Store and the Apple App Store.
* Review app permissions before installing. If an app asks for more than its purpose requires, do not install it.
* Keep a good anti-virus app on your device that can detect and block such malware before it infects your device, and keep that app up to date.
* Do not download apps from third-party sources. Although in this case the apps were distributed through the official Play Store, such malware is most often distributed via untrusted third-party app stores.
* Avoid unknown and unsecured Wi-Fi hotspots, and keep Wi-Fi turned off when not in use.
* Be careful which apps you grant device administrator rights to. Admin rights are powerful and can give an app full control of your device, and a game guide has no legitimate need for them.
* Never click on links in SMS or MMS messages sent to your phone. Even if the message looks legitimate, go directly to the website of origin and verify any possible updates.
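Checking which apps currently hold device administrator rights, the point behind the admin-rights tip above, can be done from a computer with `adb shell dumpsys device_policy`. The script below is an added example, not code from the article: it parses that output and flags every active admin that is not on a list of admins you knowingly enrolled. The sample output is constructed to approximate the real layout (an assumption about the format; only the section header and the component lines are relied on), and all package names in it are invented.

```python
"""List the device-administrator apps active on an Android device and flag
the ones that were not deliberately enrolled.

Added example; not code from the article. Input is the text of
`adb shell dumpsys device_policy`. SAMPLE_DUMPSYS is constructed to
approximate that output (assumption about the format) and every package
name in it is invented.
"""
import re

SAMPLE_DUMPSYS = """\
Current Device Policy Manager state:
  Device Owner:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.example.mdm/.AdminReceiver:
      uid=10120
      policies:
        force-lock
        wipe-data
    com.example.fakeguide/.AdminReceiver:
      uid=10133
      policies:
        force-lock
  Password Policy: none
"""

# Assumption: packages you knowingly made device admins (e.g. an employer's MDM).
KNOWN_ADMINS = {"com.example.mdm"}

# An admin entry is an indented "package/Component:" line under the section header.
ADMIN_LINE = re.compile(r"^\s{4}([A-Za-z0-9_.]+)/(\S+):$")


def active_device_admins(dump: str) -> list:
    """Return (package, component) pairs listed under 'Enabled Device Admins'."""
    admins = []
    in_block = False
    for line in dump.splitlines():
        if line.strip().startswith("Enabled Device Admins"):
            in_block = True
            continue
        if not in_block:
            continue
        m = ADMIN_LINE.match(line)
        if m:
            admins.append((m.group(1), m.group(1) + "/" + m.group(2)))
        elif line and not line.startswith("    "):
            in_block = False  # back at a top-level section: the admin list is over
    return admins


def unexpected_admins(dump: str, known=KNOWN_ADMINS) -> list:
    """Components holding admin rights whose package is not in the known set."""
    return [comp for pkg, comp in active_device_admins(dump) if pkg not in known]


if __name__ == "__main__":
    for comp in unexpected_admins(SAMPLE_DUMPSYS):
        print("unexpected device admin:", comp)
```

Any flagged component is worth revoking before uninstalling the app, since an app that holds admin rights can otherwise block its own removal; on a real device the pipeline is `adb shell dumpsys device_policy` piped into this script, followed by `adb shell dpm remove-active-admin <component>` for each flagged entry and then a normal uninstall.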