FalseGuide masquerades as guides for popular apps.
Yet more malware has been found on the Google Play Store. Dubbed FalseGuide, it masquerades as walk-through guides for popular apps such as Pokémon GO! and Super Mario Run. Check Point security found it lurking within 40 separate apps.
Once installed, the malware asks for administrator permission. It then registers itself to a Firebase Cloud Messaging topic. Through Firebase messaging, the app obtains commands and additional software modules carrying malicious code. This is how the apps managed to land in the Google Play Store, bypassing the security checks: the malware doesn’t really contain malicious code until it receives it through the messaging service.
The modules can contain many types of malicious code, from rooting the device (if it’s not a BlackBerry) to conducting DDoS attacks to stealing the user’s information. So far, the malware has been primarily used to display pop-up ads on users’ devices, as a monetization ploy by the attackers.
Once again, be very careful about which permissions you grant your apps. If an app is requesting admin access, it’s a fairly good indication that the app is up to no good.