FalseGuide: A New Malware Going Around Infecting Nearly 2 Million Android Users via Google Play

FalseGuide, a new strain of malware has been identified by Mobile threat researchers at Check Point. Infecting millions of Android devices, this new botnet malware, dubbed FalseGuide was hidden in over 40 guide apps for games in Google Play Store.

FalseGuide A New Malware Going Around Infecting Nearly 2 Million Android Users via Google Play.

  1. Nearly 2 Million Android Users Infected:

  2. Measures to follow to remain unaffected:

Nearly 2 Million Android Users Infected:

Initially thought to be 600,000 users, the number of Android users who have installed malware on their devices from Google Play Store has reached 2 Million so far.

According to Check Point, FalseGuide creates a “silent botnet out of the infected devices” to deliver fraudulent mobile adware and generate ad revenue for cybercriminals. (A botnet is a group of devices controlled by hackers without the knowledge of their owners). The malware requests an unusual permission on installation i.e., device admin permission so that to avoid being deleted by the user, an action which normally suggests a malicious intention. The malware then registers itself to a Firebase Cloud Messaging – a cross-platform messaging service that allows app developers to send messages and notifications.

Once subscribed to the service, FalseGuide can allow the attackers to send messages containing links to additional modules and download them to the infected device, enabling attackers to display illegitimate pop-up ads out of context. Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.

“Mobile botnets are a growing trend since early last year, growing in both sophistication and reach. This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code. Users shouldn’t rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar solutions on their PCs.”

“The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads. The updated estimate now includes nearly 2 million infected users,” Check Point researchers wrote in a blog post.

Check Point has listed all the games that carry the new FalseGuide malware – Guide or FIFA Mobile, Guide for LEGO Nexo Knights, Guide for Rolling sky, Guide for Terraria, Guide for Pokemon GO, Guide Amazing Spider-Man 2, ProGuide LEGO Marvel Superhero, Guide Dream League Soccer, LEGUIDE LEGO City Undercover, LEGUIDE LEGO City My City, Guide for Rolling Sky, Guide for Ninjago Tournament, Guide for Hungry Shark World, Guide For FIFA 17, Guide for Mortal Kombat X, Guide for Shadow fight 3 and 2 and many more.

FalseGuide A New Malware Going Around Infecting Nearly 2 Million Android Users via Google Play (2)

A screenshot which allegedly shows an app that’s been infected with the malware


Check Point researchers notified Google about FalseGuide in February, after which the company silently removed the malware apps from the Play Store.

But despite being removed, the malicious apps are likely still active on a number of devices, leaving Android users open to cyber attacks.