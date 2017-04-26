ANOTHER DAY, another story about Android malware. FalseGuide is the latest threat, and it has reportedly hijacked two million smartphones and turned them into a money-making botnet.

Check Point uncovered the FalseGuide threat, which masquerades as walkthrough guides for popular titles including Pokémon Go and Super Mario.

It has been found lurking inside 40 separate Android apps, the oldest of which was uploaded to Google Play on 14 February, and Check Point estimates that it has managed to infect more than two million devices, which is not a good thing.

Once downloaded, FalseGuide-infected apps will ask for "device admin" permission, which creates a separate admin account for the app and means that the app cannot be deleted.

Once those permissions have been given, the app registers itself on Firebase Cloud Messaging, which allows it to send and receive messages with additional malware modules and instructions. This also explains how the app circumvented Google Play's built-in security, as the app itself isn't malicious until it is downloaded and given admin privileges.

"Depending on the attackers' objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks", Check Point notes.

So far, though, FalseGuide has only been used to shove pop-up ads into the faces of users in an attempt to make money from views and clicks.

Check Point notes that it notified Google about the threat and that the offending apps were quickly removed from the Play Store, but adds that newly-infected apps have continued to show up.

"This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code," Check Point said.

"Users shouldn't rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs." µ