1 month ago

Facebook Password Stealing Apps Found on Android Play Store


Even after many efforts made by Google last year, malicious apps always somehow manage to make their way into the Google app store.

Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on Google Play Store that is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users.

Discovered independently by two cybersecurity firms, Trend Micro and Avast, the malicious apps disguise themselves as various utility (such as flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps.

Like most malware apps, these Android apps themselves don’t contain any malicious code, which is why they managed to end up on Google’s official Play Store.

Once installed, the app first confirms that the device is not an emulator or a virtual environment and then accordingly downloads the malware payload, which prompts the victim to approve device administrator permissions to gain persistence on the device.


“The downloader app collects information about the device, such as unique device ID, location, language and display parameters,” Avast said. “The device’s location is obtained from the IP address that is used when contacting online services that offer geolocation information for IPs.”

How Android Malware Steals Your Facebook Account Password

As soon as users open their Facebook app, the malware immediately prompts them to re-verify their account by logging into Facebook. Instead of exploiting any system or application vulnerabilities, the malware uses a classic phishing scheme in order to get the job done.

These fake apps simply launch a WebView component with a Facebook look-alike login page and ask users to log in. Apparently, the WebView code steals the victim’s Facebook username and password and sends them to a remote hacker-controlled server.

“This is most likely due to developers using embedded web browsers (WebView, WebChromeClient) in their apps, instead of opening the webpage in a browser,” Avast said.

Trend Micro researchers warn that these stolen Facebook credentials can later be repurposed to deliver “far more damaging malware” or “amass a zombie social media army” to spread fake news or generate cryptocurrency-mining malware.

Stolen Facebook accounts can also expose “a wealth of additional financial and personally identifiable information,” which can then be sold in underground markets.

Security firms believe that GhostTeam has been developed and uploaded to the Play Store by a Vietnamese developer due to considerable use of the Vietnamese language in the code.

According to the researchers, most users affected by the GhostTeam malware reportedly reside in India, Indonesia, Brazil, Vietnam, and the Philippines.

Besides stealing Facebook credentials, the GhostTeam malware also displays pop-up adverts aggressively, always keeping the infected device awake by showing unwanted ads in the background.
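The behaviours described above (a downloaded payload, a device administrator prompt, a device kept awake) leave declarations in an Android manifest that a reviewer can check for. The following is an added example, not code from the article, Trend Micro or Avast: a triage of a decoded `AndroidManifest.xml`, where the flagged-permission mapping, the function names and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Permissions matching behaviour the article describes; this mapping is the
# example's own assumption, not an indicator list from Trend Micro or Avast.
FLAGGED_PERMISSIONS = {
    "android.permission.REQUEST_INSTALL_PACKAGES": "can install a downloaded APK",
    "android.permission.WAKE_LOCK": "can keep the device awake",
}

# Constructed sample: a "flashlight" manifest, not taken from a real app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

def triage_manifest(xml_text):
    """Return (item, reason) pairs for manifest traits worth a closer look."""
    # For manifests from untrusted APKs, a hardened parser such as defusedxml is safer.
    root = ET.fromstring(xml_text.strip())
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(A + "name")
        if name in FLAGGED_PERMISSIONS:
            findings.append((name, FLAGGED_PERMISSIONS[name]))
    for receiver in root.iter("receiver"):
        # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and listens
        # for DEVICE_ADMIN_ENABLED; requiring both avoids partial matches.
        guarded = receiver.get(A + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        actions = {a.get(A + "name") for a in receiver.iter("action")}
        if guarded and "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            findings.append((receiver.get(A + "name"), "device administrator receiver"))
    return findings

def wants_device_admin(findings):
    """True when the manifest declares a device administrator receiver."""
    return any(reason == "device administrator receiver" for _, reason in findings)
```

A finding here is a prompt for review rather than a verdict: legitimate apps also declare these permissions, and the question is whether a flashlight or compass has any reason to.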


All the apps have since been removed by Google from the Play Store after researchers reported them to the company. However, users who have already installed one such app on their devices should make sure they have Google Play Protect enabled.

The Play Protect security feature uses machine learning and app usage analysis to remove (i.e. uninstall) malicious apps from users’ Android smartphones in an effort to prevent any further harm.

Although malicious apps floating on the official app store are a never-ending concern, the best way to protect yourself is always to be vigilant when downloading apps, and always verify app permissions and reviews before you download one.

Moreover, you are strongly advised to keep a good antivirus app on your mobile device that can detect and block such threats before they infect your device, and most importantly, always keep your device and apps up-to-date.
