Beware: Facebook Password-Stealing Apps Found on Android Play Store


Despite the many efforts Google made last year, malicious apps still somehow manage to make their way into Google's app store.

Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users.
Discovered independently by two cybersecurity firms, Trend Micro and Avast, the malicious apps disguise themselves as various utility (such as flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps.
Like most malware apps, these Android apps themselves don’t contain any malicious code, which is why they managed to end up on Google's official Play Store.

Once installed, the app first checks that the device is not an emulator or a virtual environment and then downloads the malware payload, which prompts the victim to approve device administrator permissions to gain persistence on the device.
"The downloader app collects information about the device, such as unique device ID, location, language and display parameters," Avast said. "The device’s location is obtained from the IP address that is used when contacting online services that offer geolocation information for IPs."

How Android Malware Steals Your Facebook Account Password


As soon as users open their Facebook app, the malware immediately prompts them to re-verify their account by logging into Facebook. Instead of exploiting any system or application vulnerabilities, the malware uses a classic phishing scheme in order to get the job done.

These fake apps simply launch a WebView component with a Facebook look-alike login page and ask users to log in. Apparently, the WebView code steals the victim's Facebook username and password and sends them to a remote hacker-controlled server.
"This is most likely due to developers using embedded web browsers (WebView, WebChromeClient) in their apps, instead of opening the webpage in a browser," Avast said.

Trend Micro researchers warn that these stolen Facebook credentials can later be repurposed to deliver "far more damaging malware" or "amass a zombie social media army" to spread fake news or generate cryptocurrency-mining malware.
Stolen Facebook accounts can also expose "a wealth of other financial and personally identifiable information," which can then be sold in the underground markets.

Security firms believe that GhostTeam has been developed and uploaded to the Play Store by a Vietnamese developer due to considerable use of the Vietnamese language in the code.

According to the researchers, most users affected by the GhostTeam malware reportedly reside in India, Indonesia, Brazil, Vietnam, and the Philippines.

Besides stealing Facebook credentials, the GhostTeam malware also aggressively displays pop-up adverts, always keeping the infected device awake by showing unwanted ads in the background.
All the apps have since been removed by Google from the Play Store after researchers reported them to the company. However, users who have already installed one such app on their devices should make sure they have Google Play Protect enabled.

The Play Protect security feature uses machine learning and app usage analysis to remove (i.e. uninstall) malicious apps from users' Android smartphones in an effort to prevent any further harm.

Although malicious apps on the official app store are a never-ending concern, the best way to protect yourself is to stay vigilant when downloading apps and to always verify an app's permissions and reviews before you download it.

Moreover, you are strongly advised to keep a good antivirus app on your mobile device that can detect and block such threats before they infect your device, and most importantly, always keep your device and apps up-to-date.
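For the permission check recommended above, here is an added example (not from the original article or from the Trend Micro or Avast reports) that reviews a decoded AndroidManifest.xml for the behaviours described here: a device-administrator receiver, the ability to keep the device awake, and network access. Both manifests, with their package and class names, are constructed for illustration, and each finding is a prompt for manual review rather than a verdict.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed manifests (as decoded from an APK); package and class names are invented.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.compass">
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <application/>
</manifest>"""


def device_admin_receivers(root):
    """Names of receivers that can be activated as a device administrator."""
    names = []
    for rcv in root.iter("receiver"):
        actions = {a.get(A + "name") for a in rcv.iter("action")}
        if (rcv.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            names.append(rcv.get(A + "name"))
    return names


def triage(manifest_xml):
    """Return the review findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = []
    admins = device_admin_receivers(root)
    if admins:
        findings.append("device-admin receiver: " + ", ".join(admins))
    if "android.permission.WAKE_LOCK" in perms:
        findings.append("can keep the device awake (WAKE_LOCK)")
    if admins and "android.permission.INTERNET" in perms:
        findings.append("device admin combined with network access")
    return {"package": root.get("package"), "findings": findings}
```

A flashlight or compass app has no functional need for a device-administrator receiver, so that finding alone justifies a closer look before installation is allowed on managed devices.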
