Security researchers convey at nowadays discovered a novel slice of malware, dubbed GhostTeam, inward at to the lowest degree 56 applications on Google Play Store that is designed to bag Facebook login credentials as well as aggressively display pop-up advertisements to users.
Discovered independently past times 2 cybersecurity firms, Trend Micro as well as Avast, the malicious apps disguise every bit diverse utility (such every bit the flashlight, QR code scanner, as well as compass), performance-boosting (like file-transfer as well as cleaner), entertainment, lifestyle as well as video downloader apps.
Like most malware apps, these Android apps themselves don’t incorporate whatever malicious code, which is why they managed to cease upwards on Google's official Play Store.
Once installed, it showtime confirms if the device is non an emulator or a virtual environs as well as thus accordingly downloads the malware payload, which prompts the victim to approve device administrator permissions to attain persistence on the device.
How Android Malware Steals Your Facebook Account Password
As shortly every bit users opened upwards their Facebook app, the malware right away prompts them to re-verify their trouble concern human relationship past times logging into Facebook. Instead of exploiting whatever organisation or application vulnerabilities, the malware uses a classic phishing system inward society to acquire the chore done.
These mistaken apps but launch a WebView component amongst Facebook look-alike login page as well as enquire users to log-in. Apparently, WebView code steals the victim's Facebook username as well as password as well as sends them to a remote hacker-controlled server.
"This is most probable due to developers using embedded spider web browsers (WebView, WebChromeClient) inward their apps, instead of opening the webpage inward a browser," Avast said.
Trend Micro researchers warn that these stolen Facebook credentials tin after live on repurposed to deliver "far to a greater extent than damaging malware" or "amass a zombie social media army" to spread mistaken intelligence or generate cryptocurrency-mining malware.
Stolen Facebook accounts tin likewise expose "a wealth of other fiscal as well as personally identifiable information," which tin thus live on sold inward the undercover markets.
Security firms believe that GhostTeam has been developed as well as uploaded to the Play Store past times a Vietnamese developer due to considerable utilisation of Vietnamese linguistic communication inward the code.
According to the researchers, the most users affected past times the GhostTeam malware reportedly resides inward India, Indonesia, Brazil, Vietnam, as well as the Philippines.
Besides stealing Facebook credentials, the GhostTeam malware likewise displays popular upwards adverts aggressively past times ever keeping the infected device awake past times showing unwanted ads inward the background.
Play Protect safety characteristic uses car learning as well as app usage analysis to take away (i.e. uninstall) malicious apps from users Android smartphones inward an essay to forbid whatever farther harm.
Although malicious apps floating on the official app shop is a never-ending concern, the best means to protect yourself is ever to live on vigilant when downloading apps, as well as ever verify app permissions as well as reviews earlier you lot download one.
Moreover, you lot are strongly advised to continue a skillful antivirus app on your mobile device that tin uncovering as well as block such threat earlier they infect your device, as well as most importantly, ever continue your device as well as apps up-to-date.
