
FalseGuide Virus Spreading via Game Guiding Apps: Two Million Users Infected

A new family of Android malware is causing chaos on Google Play. The malware, called FalseGuide, was found in dozens of Android apps that have been downloaded by roughly two million people.

Ruslev Berg, Blogger

April 27, 2017


FalseGuide's primary goal is to infect devices and add them to its botnet. For now, that botnet only displays ads to its victims. FalseGuide's current activity resembles other notorious Android malware such as Leadbolt and DressCode; what sets FalseGuide apart is how its authors achieve it.

[Image: An app infected with FalseGuide]

The gang behind FalseGuide distributes it through more than 40 game guide apps published to the Play Store by just three developers with Russian names: Sergei Vernik, Anatoly Khmelenko and Nikolai Zalupkin.

FalseGuide poses as a game guide app for several reasons. First, guide apps are extremely popular: they monetize the success of the original games. Second, guide apps require hardly any development or features. For malware authors, this is a cheap way to reach a very wide group of users.

Careful users who pay attention to the permissions they grant can easily spot that something is wrong, because the fake app requests Device Admin rights. Granting this permission effectively gives the app its own administrator-level account on the device.
Game guide apps are just a collection of pictures and text. There is no good reason to give an app that amounts to a web page the ability to create an additional admin account.

Because most people skip past the permissions prompt during an app's installation, these rogue apps get whatever they ask for; as a result, two million people have already been fooled by FalseGuide.

On devices where the app obtains admin privileges, it connects to a Firebase Cloud Messaging thread and waits for commands from the malware authors. The FalseGuide operators can then use this Firebase thread to push modules that every infected device will download and launch without the owner's knowledge.
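The two traits described above, a Device Admin receiver plus a Firebase Cloud Messaging listener in an app that should need neither, can be checked for at triage time. The following is an added example, not code from the article or from any vendor: it parses a decoded AndroidManifest.xml (the manifest shown is constructed for the example) and flags the combination.

```python
import xml.etree.ElementTree as ET

# Android attribute namespace used in every AndroidManifest.xml
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package name, not FalseGuide's own):
# a receiver guarded by BIND_DEVICE_ADMIN and a Firebase Cloud Messaging service.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.gameguide">
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".PushService">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the set of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    # A receiver protected by BIND_DEVICE_ADMIN is how an app asks for
    # device administrator rights.
    for receiver in root.iter("receiver"):
        if receiver.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN":
            findings.add("device_admin_receiver")
    # A service handling MESSAGING_EVENT receives Firebase Cloud Messaging pushes,
    # i.e. a remote channel that can deliver instructions to the app.
    for action in root.iter("action"):
        if action.get(A + "name") == "com.google.firebase.MESSAGING_EVENT":
            findings.add("fcm_listener")
    # Either trait alone is legitimate (MDM apps, chat apps); both together in a
    # content-only app such as a game guide is the pattern worth a closer look.
    if {"device_admin_receiver", "fcm_listener"} <= findings:
        findings.add("admin_plus_remote_push")
    return findings


if __name__ == "__main__":
    print(sorted(triage_manifest(SAMPLE_MANIFEST)))
```

The heuristic is a triage signal, not a verdict: a manifest flagged this way still needs review of what the app actually does with the admin rights and the pushed payloads.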

These modules can run DDoS attacks, turn the device into a relay point to reach private networks, and display advertisements on affected hosts.

Although FalseGuide has so far only been used to display advertisements, the risk of having malware with this kind of stealthy capability on your phone is obvious: it could at any time change course and begin harvesting private information from the device, or lock files and demand a ransom.
