FalseGuide Android Malware
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Affected platforms
The following platforms are known to be affected:
Threat details
The FalseGuide malware can be used to root an Android device, conduct DDoS attacks and penetrate private networks. At the time of publication, Google had removed the latest malicious FalseGuide apps from the Google Play store; however, the malware authors have historically been able to evade malicious-code scanning, so it is likely that FalseGuide will reappear.
FalseGuide targets game-guide apps because they are widely popular in the gaming community and require little development effort from the author, so for malware authors they are a cheap way to reach a large audience. FalseGuide enrols infected devices into a silent botnet that can be used to launch DDoS attacks.
The following describes the FalseGuide attack in stages:
- When the app is installed, FalseGuide asks for device administrator permissions.
- The malware registers itself to a Firebase Cloud Messaging topic.
- FalseGuide receives messages containing links to additional malicious modules, which are then downloaded and installed on the infected device.
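The three stages above translate into a manifest-level pattern an analyst can screen for before dynamic analysis: a device-admin receiver, a Firebase Cloud Messaging handler, and permission to install further packages. The script below is an added example, not NHS Digital's tooling or anything recovered from FalseGuide itself; the manifests it parses are constructed for illustration, and the "all three co-occur" threshold is an assumed triage rule (each indicator is legitimate on its own, so none of them is a detection by itself).

```python
"""Static triage heuristic for the behaviour pattern described in this alert.

Added example, not NHS Digital's tooling. Input is a decoded
AndroidManifest.xml (e.g. the text produced by apktool); the two manifests
below are constructed samples, not taken from any real app.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Real Android / Firebase identifiers; the combination, not any single one, is the signal.
DEVICE_ADMIN_PERMISSION = "android.permission.BIND_DEVICE_ADMIN"
FCM_MESSAGING_ACTION = "com.google.firebase.MESSAGING_EVENT"
INSTALL_PERMISSION = "android.permission.REQUEST_INSTALL_PACKAGES"

# Constructed sample: shows all three indicators from the alert's attack stages.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.gameguide">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <application android:label="Game Guide">
        <receiver android:name=".AdminReceiver"
                  android:permission="android.permission.BIND_DEVICE_ADMIN">
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
        <service android:name=".PushService" android:exported="false">
            <intent-filter>
                <action android:name="com.google.firebase.MESSAGING_EVENT"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed sample: an ordinary guide app that only uses push notifications.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.plainguide">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Plain Guide">
        <service android:name=".PushService" android:exported="false">
            <intent-filter>
                <action android:name="com.google.firebase.MESSAGING_EVENT"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute in the android: namespace."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def manifest_indicators(manifest_xml):
    """Return which of the alert's three behaviours the manifest declares."""
    root = ET.fromstring(manifest_xml)
    permissions = {_attr(e, "name") for e in root.iter("uses-permission")}
    device_admin = any(_attr(r, "permission") == DEVICE_ADMIN_PERMISSION
                       for r in root.iter("receiver"))
    fcm_handler = any(_attr(a, "name") == FCM_MESSAGING_ACTION
                      for a in root.iter("action"))
    return {
        "device_admin_receiver": device_admin,      # stage 1: asks for admin rights
        "fcm_message_handler": fcm_handler,         # stage 2: listens on FCM
        "requests_package_install": INSTALL_PERMISSION in permissions,  # stage 3
    }


def worth_analyst_review(manifest_xml):
    """Assumed triage rule: flag only when all three indicators co-occur."""
    return all(manifest_indicators(manifest_xml).values())


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, manifest_indicators(manifest),
              "-> review" if worth_analyst_review(manifest) else "-> skip")
```

The check is deliberately narrow: push-notification services are common in legitimate apps, and device-admin receivers have legitimate uses, so the heuristic only raises a review when the manifest declares the whole chain the alert describes. A match is a reason to look at the APK, not a verdict.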
Remediation steps
Last edited: 17 February 2020 11:30 am