App-based guides for games have targeted more than 500,000 users with malware. According to researchers at Check Point, More than 40 guide apps, including Fifa and Pokemon Go, for popular games were found to be capable of delivering the malware to users’ devices.
It is expected that the apps were downloaded between 528,000 and 1.8 million times, though it is not known how many of these downloads resulted in the deployment of malware.
“Since the actual apps do not contain any malicious code themselves, it’s very hard to trace,” said Daniel Padon, at Check Point.
When an app is downloaded, it asks users for device admin permission to ensure the software cannot be deleted. It then tries to establish a connection with a command and control server, turning the device into a bot in a botnet – a network of devices controlled from afar. Malicious software can then be downloaded.
This could allow hackers to send illegitimate pop-up ads, use the device as part of a DDoS attack, or snoop on data sent via the device’s network.