Posted on April 27, 2017 at 1:34 PM
More than 500,000 Users Targeted by Game Guide Malware
It’s recently discovered that application-based guides for games like Pokemon Go and Fifa were used for infecting over 500,000 Android devices with malware. A cyber security company called Check Point discovered several apps on Google Play Store that were infected with malware that was designed to take control of the device.
Google has yet to give an official statement concerning the situation.
The number of apps that could have delivered the malicious software on the users’ device is over 40, according to some sources.
Some believe that the apps were downloaded somewhere in between 528,000 and 1.8 million times, but for now, it’s unknown how many of those downloads and installs actually caused the malware to activate and infect Android devices. Check Point’s Daniel Padon has stated that the apps themselves don’t contain malicious code, so it’s difficult to trace and calculate how many devices are actually infected.
He also said that Google has removed every app that was suspected of being infected, however, the ongoing investigation is still managing to discover new apps that carry the malware.
Some of the apps are pretty new and recent, while others were found to be uploaded back in November 2014. Upon the download, the app receives admin permission, which makes it impossible for the user to delete it afterward. After that, it establishes a connection with its command and control server, which turns the device into a part of a botnet, which is an entire network of connected devices that are remotely controlled. Once this is done, the app starts downloading malicious software.
Padon has stated that, at this point, the attacker has complete control over the infected device, and can do pretty much anything they want. The device can be used as a part of a DDoS attack, or it might simply start popping up illegitimate ads. The hacker can even investigate the data that was previously sent through the network that the device usually uses. This kind of attacks that create mobile botnets are, apparently, becoming more and more common.
Padon has also said that several different botnets were found trying to spread via the Play Store. Google is probably doing everything they can to stop this, but it’s not so easy, considering the number of the apps, and the fact that hackers are constantly finding new ways to cloak the malicious content.
Avast’s Nikolaos Chrysaidos has stated that “At the moment, it seems like the cyber-criminals behind the threat are only interested in making money from ads. The threat currently has very basic functionalities. However, there is nothing stopping the threat from becoming more sophisticated in the future.”
Attacks like this are increasing rapidly, and the malware is becoming more and more sophisticated and sneaky, which sometimes makes even the user ignorant of its existence, which is one another problem that makes detection almost impossible before it’s too late.