The conventional wisdom is that limiting your app downloads to the Play Store will help you avoid malware. That's true for the most part, but every now and then we hear about something sketchy that fell through the cracks. For instance, the security firm Check Point says that a number of "game guide" apps in the Play Store were hiding malicious code, and they may have accumulated millions of downloads.
Check Point has named this malware "FalseGuide" because it has so far appeared exclusively in guide apps. These apps are a quick way to get malware out there: there's very little development needed, and the malware can piggyback on the popularity of an established game. When FalseGuide is installed, it does something unusual for a guide app: it requests device administrator access. This makes it more annoying to uninstall, but the user does have to manually approve the request, and not everyone will do so.
When it's run by the user, FalseGuide registers the device with a Firebase Cloud Messaging topic and receives additional modules over that channel to begin its work. Check Point was able to verify that FalseGuide is currently used to display popup ads out of context in order to make money for the operators. However, a botnet of this kind can be used for many things, including DDoS attacks.
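The two traits described above, a device-administrator receiver and a Firebase Cloud Messaging service that can deliver commands or modules, are both declared in an app's AndroidManifest.xml, so they can be checked statically before installation. The script below is an added example, not Check Point's tooling or anything from the apps themselves. It assumes a manifest that has already been decoded to plain XML (for instance with apktool), and the sample manifests inside it are constructed for illustration; the package name com.example.gameguide is a placeholder, not one of the apps Check Point found. Neither trait is malicious by itself, so the result is a triage signal for review, not a verdict.

```python
"""Static triage of a decoded AndroidManifest.xml for two FalseGuide-style traits:
a device-administrator receiver (what lets an app raise the "administrator access"
prompt) and a Firebase Cloud Messaging service (a remote channel for extra modules).
Added example; the manifests below are constructed, not taken from real apps."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:* attribute, which ElementTree stores under the full namespace."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def declares_device_admin(root):
    """True if a <receiver> is guarded by BIND_DEVICE_ADMIN and handles DEVICE_ADMIN_ENABLED.
    That pairing is how an app registers as a device administrator."""
    for receiver in root.iter("receiver"):
        if _attr(receiver, "permission") != "android.permission.BIND_DEVICE_ADMIN":
            continue
        for action in receiver.iter("action"):
            if _attr(action, "name") == "android.app.action.DEVICE_ADMIN_ENABLED":
                return True
    return False


def uses_fcm(root):
    """True if a <service> listens for com.google.firebase.MESSAGING_EVENT,
    i.e. the app can receive Firebase Cloud Messaging pushes."""
    for service in root.iter("service"):
        for action in service.iter("action"):
            if _attr(action, "name") == "com.google.firebase.MESSAGING_EVENT":
                return True
    return False


def triage(manifest_xml):
    """Return the package name, the traits found, and whether both are present."""
    root = ET.fromstring(manifest_xml)
    findings = []
    if declares_device_admin(root):
        findings.append("device-admin receiver")
    if uses_fcm(root):
        findings.append("FCM messaging service")
    return {
        "package": root.get("package"),
        "findings": findings,
        "review": len(findings) == 2,  # both traits together: worth a closer look
    }


# Constructed sample: a "guide" app that asks for device admin and can receive FCM pushes.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gameguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Guide">
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin" android:resource="@xml/policies"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <service android:name=".PushService" android:exported="false">
      <intent-filter>
        <action android:name="com.google.firebase.MESSAGING_EVENT"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: a guide app with nothing beyond an activity and network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Guide">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SUSPECT_MANIFEST, BENIGN_MANIFEST):
        print(triage(manifest))
```

Running the block prints one result per sample; the first reports both traits and sets review to True, the second reports no findings. On a real device the same question can be asked after the fact by listing active device administrators in the Security settings, which is also where the FalseGuide administrator grant would have to be revoked before the app can be uninstalled.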
(Image: One of the malicious apps)
Google removed all instances of FalseGuide after being alerted to it by Check Point, but it did survive in the Play Store for a few months. The number of downloads is hard to pin down, since Check Point's estimates are based only on the download range the Play Store displays. The security firm says nearly 2 million devices could have been infected, but the figure may have been as low as a few hundred thousand. Not everyone who downloaded the apps necessarily ran them or granted administrator access when asked, so the real impact is unclear, but you may want to steer clear of those guide apps anyway.
- Check Point