Two million Android users have been fooled into downloading a strain of malware – hidden inside normal-looking apps on Google’s Play store.
The giveaway is that the app cannot be uninstalled – and allows hackers to remote-control infected devices.
The malware was hidden inside 45 game guides for games such as Pokemon and FIFA on Google’s official Play store for up to five months between 2016 and early this year, with several reaching 50,000 installs.
The app enables hackers to take ‘remote control’ of devices – and has been used to display bogus, illegal adverts on users’ devices, security researchers Check Point say.
But the FalseGuide malware could be used to control infected phones as a ‘botnet’ – using them to perform hack attacks against websites and networks.
Check Point says, ‘Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.’
Check Point researchers notified Google of the malware, and the infected apps have since been removed from the store.
Check Point says that – as with many dodgy apps – the telltale sign is the permissions the app requests as it is installed.
Check Point says, ‘FalseGuide requests an unusual permission on installation – device admin permission. The malware uses the admin permission to avoid being deleted by the user, an action which normally suggests a malicious intention.’
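
A static check for the telltale sign described above, as an added example that is not from Check Point or the original article: it scans an app's AndroidManifest.xml for a receiver declared as a device administrator. The sample manifest and package name are constructed, and the manifest is assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

# Android attribute namespace, in ElementTree's "{uri}name" form.
A = "{http://schemas.android.com/apk/res/android}"
BIND_DEVICE_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"
ADMIN_META = "android.app.device_admin"

# Constructed sample for a hypothetical "game guide" app (not taken from FalseGuide).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gameguide">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Game Guide">
    <activity android:name=".MainActivity"/>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""


def find_device_admin_receivers(manifest_xml):
    """Return receivers that carry any device-administrator marker."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for rcv in root.iter("receiver"):
        guarded = rcv.get(A + "permission") == BIND_DEVICE_ADMIN
        has_meta = any(m.get(A + "name") == ADMIN_META
                       for m in rcv.iter("meta-data"))
        has_action = any(a.get(A + "name") == ADMIN_ENABLED
                         for a in rcv.iter("action"))
        # Any one marker is worth reporting; a working admin component has all three.
        if guarded or has_meta or has_action:
            hits.append({"receiver": rcv.get(A + "name"),
                         "complete": guarded and has_meta and has_action})
    return hits


if __name__ == "__main__":
    for hit in find_device_admin_receivers(SAMPLE_MANIFEST):
        print("device admin receiver:", hit)
```

A hit is a prompt for review rather than a verdict: a game guide has no obvious need for device admin rights, while a mobile-device-management client does.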