Pokemon Go on iPhone
Security experts uncovered malware posing as a guide for Pokemon Go Reuters

Security researchers are warning that up to 600,000 Android devices have potentially been infected with a newly-discovered strain of botnet-malware, dubbed FalseGuide, caught posing as walkthroughs for popular mobile games including Pokémon Go and Fifa.

The malware was hidden in more than 40 separate guide applications with the oldest being uploaded to the official Google Play Store on 14 February 2014. Several of the apps managed to reach more than 50,000 installs, Check Point security experts said in a blog post.

According to the cybersecurity firm, FalseGuide was aiming to create a "silent botnet" out of the infected devices for adware purposes. Botnets are often used in cybercrime and typically consist of a series of infected devices, computers or internet of things (IoT) products.

In most cases, a user will not be aware their device is even being used for malicious purposes.

In this instance, Check Point said the malware relied on receiving an "administrator" permission (which meant it could avoid being deleted by the user) before registering to a cloud-based messaging service.

From there, FalseGuide was able to receive messages, which the developers could use to push additional commands to the device. This activity could include gaining "root" (full) access over the device or using its power to help launch a distributed-denial-of-service (DDoS) cyberattack.

The researchers said a number of the malicious applications have now been taken down by Google after being uncovered by the security firm.

Ultimately, Check Point said the malware was being used to display "illegitimate pop-up ads out of context" and using a "background service" that started running once the device is booted.

The malicious applications, the experts added, were submitted to the Google Play Store by two developers using the – likely fake - names Sergei Vernik and Nikolai Zalupkin.

"FalseGuide masquerades as guiding apps for games for two major reasons," said researchers Oren Koriat, Andrey Polkovnichenko and Bogdan Melnykov, in a joint analysis.

"First, guiding apps are very popular, monetising on the success of the original gaming apps. Second, guiding apps require very little development and feature implementation. For malware developers this is a good way to reach a widespread audience with minimal effort.

"Mobile botnets are a growing trend since early last year, growing in both sophistication and reach," the experts said. "This type of malware manages to infiltrate Google Play due to the non-malicious nature of the first component, which only downloads the actual harmful code.

"Users shouldn't rely on the app stores for their protection, and implement additional security measures on their mobile device, just as they use similar [products] on their PCs."

Last week (18 April), a team of researchers from Securify, a Dutch cybersecurity firm, found a financial fraud Trojan dubbed 'BankBot' on Google Play. In another recent incident, spyware used to track infected devices was found to have sat undetected in the marketplace for three years.

IBTimes UK contacted Google for comment however had received no response at the time of publication.