Security researchers convey at nowadays discovered a novel slice of malware, dubbed GhostTeam, inwards at to the lowest degree 56 applications on Google Play Store that is designed to pocket Facebook login credentials together with aggressively display pop-up advertisements to users.
Discovered independently yesteryear ii cybersecurity firms, Trend Micro together with Avast, the malicious apps disguise every bit diverse utility (such every bit the flashlight, QR code scanner, together with compass), performance-boosting (like file-transfer together with cleaner), entertainment, lifestyle together with video downloader apps.
Like most malware apps, these Android apps themselves don’t comprise whatever malicious code, which is why they managed to terminate upwards on Google's official Play Store.
Once installed, it kickoff confirms if the device is non an emulator or a virtual environs together with and thus accordingly downloads the malware payload, which prompts the victim to approve device administrator permissions to arrive at persistence on the device.
How Android Malware Steals Your Facebook Account Password
As presently every bit users opened upwards their Facebook app, the malware similar a shot prompts them to re-verify their delineate of piece of job organisation human relationship yesteryear logging into Facebook. Instead of exploiting whatever organisation or application vulnerabilities, the malware uses a classic phishing system inwards guild to acquire the undertaking done.
These faux apps precisely launch a WebView element amongst Facebook look-alike login page together with inquire users to log-in. Apparently, WebView code steals the victim's Facebook username together with password together with sends them to a remote hacker-controlled server.
"This is most probable due to developers using embedded spider web browsers (WebView, WebChromeClient) inwards their apps, instead of opening the webpage inwards a browser," Avast said.
Trend Micro researchers warn that these stolen Facebook credentials tin sack afterwards last repurposed to deliver "far to a greater extent than damaging malware" or "amass a zombie social media army" to spread faux word or generate cryptocurrency-mining malware.
Stolen Facebook accounts tin sack too expose "a wealth of other fiscal together with personally identifiable information," which tin sack together with thus last sold inwards the hugger-mugger markets.
Security firms believe that GhostTeam has been developed together with uploaded to the Play Store yesteryear a Vietnamese developer due to considerable exercise of Vietnamese linguistic communication inwards the code.
According to the researchers, the most users affected yesteryear the GhostTeam malware reportedly resides inwards India, Indonesia, Brazil, Vietnam, together with the Philippines.
Besides stealing Facebook credentials, the GhostTeam malware too displays popular upwards adverts aggressively yesteryear ever keeping the infected device awake yesteryear showing unwanted ads inwards the background.
Play Protect safety characteristic uses motorcar learning together with app usage analysis to take (i.e. uninstall) malicious apps from users Android smartphones inwards an assay to preclude whatever farther harm.
Although malicious apps floating on the official app shop is a never-ending concern, the best means to protect yourself is ever to last vigilant when downloading apps, together with ever verify app permissions together with reviews earlier y'all download one.
Moreover, y'all are strongly advised to continue a expert antivirus app on your mobile device that tin sack honor together with block such threat earlier they infect your device, together with most importantly, ever continue your device together with apps up-to-date.
