FalseGuide

High-level Description

  • Year: 2017
  • Blog: https://blog.checkpoint.com/2017/04/24/falaseguide-misleads-users-googleplay/

This malware sample aims to perform privilege abuse, and run an unknown payload. Device admin privileges are requested upon launching the application to increase difficulty of uninstallation. The app further retrieves commands from Firebase messaging services to download a payload. It then runs the payload on boot complete or after receiving the message.

Signature


The image of the signature can be downloaded here for closer inspection.