An estimated 2 million Android users have now fallen victim to malware mistakenly downloaded from Google Play. The malware was initially reported to have affected approximately 600,000 users.
The malware, dubbed FalseGuide, was hidden in more than 40 guide apps for games, the oldest of which was uploaded to Google Play as early as November last year, security researchers from Check Point said.
“Since April 24, when the article below was first published, Check Point researchers learned that the FalseGuide attack is far more extensive than originally understood,” Check Point said.
“The apps were uploaded to the app store as early as November 2016, meaning they hid successfully for five months, accumulating an astounding number of downloads.”
The security firm said that, since it made its findings public, it has found five additional apps containing the malware on Google Play, developed by “Анатолий Хмеленко” (translated as Anatoly Khmelenko).
The malware was hidden in fake companion guide applications for popular games including Pokémon Go and FIFA Mobile, and Check Point initially reported that several of these fake guides had been downloaded more than 50,000 times. The malware creates a silent botnet out of the infected devices for adware purposes.
Once downloaded onto a device, FalseGuide requests device admin permission, which the malware uses to ensure the app cannot be deleted by the user — an activity that usually suggests the app is likely to be malicious.
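A defender-side check for the behaviour described above, as an added example that is not from Check Point or the original article: it scans a decoded AndroidManifest.xml for a device admin receiver, a component a game guide app has no obvious need for. It assumes the APK's binary manifest has already been decoded to text XML (for instance with apktool); the sample manifests, package names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_PERM = "android.permission.BIND_DEVICE_ADMIN"
ENABLED_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed sample: a "guide" app that declares a device admin receiver.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gameguide">
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
                 android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: an app whose only receiver listens for boot completion.
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def device_admin_receivers(manifest_xml):
    """Return the names of <receiver> components that can act as device admins."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        guarded = receiver.get(ANDROID_NS + "permission") == BIND_PERM
        # Either marker alone is worth flagging; a working admin receiver has both.
        if guarded or ENABLED_ACTION in actions:
            hits.append(receiver.get(ANDROID_NS + "name"))
    return hits

if __name__ == "__main__":
    for label, xml_text in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, device_admin_receivers(xml_text))
```

A hit is a triage signal rather than a verdict: legitimate device management and anti-theft apps declare the same receiver, so the result should be weighed against what the app claims to do.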