Pokémon GO is one of the most downloaded mobile games in history. Over 65 million players have downloaded the app worldwide. With its success, however, comes the risk of cyber attacks.
According to a report by Express, FalseGuide managed to infiltrate the devices of Pokémon GO players. It is a new type of malware disguised as guides to beat most popular mobile games. It was cleverly hidden in around 40 different apps found in the Google Play Store.
When Pokémon GO players download the fake guide, the app will install a malware that comes with a “silent botnet.” This, in turn, will allow hackers to successfully perform different kinds of attacks. The type of attack depends on the computing capabilities of the affected devices.
Of course, the mobile phone owners will remain clueless that their information is already compromised.
Furthermore, a blog post from Check Point Software Technologies noted that FalseGuide prompts an unusual permission upon installation, asking for device admin permission from the mobile phone owner. The blog explained that by granting permission, users still won’t be able to delete the malware. In turn, the malware gets to register itself to a Firebase Cloud Messaging topic that carries the same name as the app. It makes everything look normal to the user.
The moment the user subscribes to the topic, FalseGuide will be able to receive messages. FalseGuide can then download to the device.
Tech website Trusted Reviews, on the other hand, posted some helpful reminders for Pokémon GO players so that they can protect their devices from malware threat. First, they advised users to check the permissions that any app asks for. This is the first big opening that the malware can use to get into the device. They also advised users to download gaming guides and walkthroughs only from trusted sources like reputable developers.
Considering that the malware managed to infiltrate Google Play Store, players need to keep in mind that the online store cannot provide all the protection that they need.