Thursday, December 5, 2024
HomeBotnetNearly 2 Million Android User Attacked by "FalseGuide" Malware in Google...

Nearly 2 Million Android User Attacked by “FalseGuide” Malware in Google Play Store – Beware

Published on

SIEM as a Service

[jpshare]A New Malware called “FalseGuide” Attacked Google Play Store users Nearly 2 Million Android User Infected along with Five additional apps and hide itself in Play store Almost 5 months since Nov 2016.

Earlier Stage of this Malware Reached over 50,000 Installations, and hidden with 40 guide apps for games.

“FalseGuide” Malware developed by Russian  “Анатолий Хмеленко.”(Anatoly Khmelenko)  who Specially Target the game Downloaders in Google Play Store .

- Advertisement - SIEM as a Service

Latest Discovered malware in google play such as MilkyDoor ,Bankbot are having Capability of infect the Enterprise Network and spreading  botnet to Android users ,same as FalseGuide also not much Different for those Play store malware.

According to the Checkpoint Researchers ,FalseGuide creates a silent botnet out of the infected devices for adware purposes and silently control the infected users Android Mobile by Hackers without their knowledge.

Checkpoint said ,FalseGuide requests an unusual permission on installation – device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging topic which has the same name as the app.

 FalseGuide DDoS attack Capability:

“FalseGuide” display illegitimate pop-up ads in victims Mobiles by using background services when Device Starts Booting and its will gain the root access and then taking control the victims device for doing Botnet activities .

Even more “FalseGuide” Hijack the Mobile Network and Performing DDoS attack to infected Networks.

Major Reason for  FalseGuide infection:

  1. Checkpoint Researchers explained, First, guiding apps are very popular, monetizing on the success of the original gaming apps.

2. Second, guiding apps require very little development and feature implementation.

This The malicious apps were submitted under the names of two fake developers – Sergei Vernik and Nikolai Zalupkin who is Belongs to Russia.

Checkpoint Team Finally Reported to Google Security team and it was swiftly removed from the app store.

Also Read :

Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar

Creating and Analyzing a Malicious PDF File with PDF-Parser Tool

Google strengthen it’s defence against Ransomware to Attack Android

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware

Attackers are exploiting publicly exposed Docker Remote API servers to deploy Gafgyt malware by...

Weaponized Word Documents Attacking Windows Users to Deliver NetSupport & BurnsRAT

The threat actors distributed malicious JS scripts disguised as legitimate business documents, primarily in...

ElizaRAT Exploits Google, Telegram, & Slack Services For C2 Communications

APT36, a Pakistani cyber-espionage group, has recently upgraded its arsenal with ElizaRAT, a sophisticated...