Thousands
of Android users targeted by phishing apps harvesting their Facebook
credentials.
ESET®, a global pioneer in IT security
for more than two decades, recently analyzed two new samples of malware on
Google Play masquerading as games called Cowboy Adventure[1]
and Jump Chess. The apps contained a
trojan functionality allowing them to carry out Facebook phishing attacks. Google
has since taken down both of the apps and now displays a warning before their
installation on Android devices. Read the complete story on
WeLiveSecurity.com.
A few months ago, Google has also announced that the
company has
been improving
security mechanisms on its Google Play Store to lower the risk of its users
getting infected by malware.
Unlike
Fake
Minecraft which was
recently analyzed by ESET, both Cowboy Adventure and Jump Chess were actual full-fledged
games in addition to containing a fraudulent element. After this app’s launch
on an Android device, it would display a fake Facebook login window and send
over the victim’s Facebook credentials directly to the attackers’ server.
“Despite the fact that the number of potential
victims may have been up to one million, thankfully many were able to avoid
being tricked by this scam as the negative user comments helped prevent them
from entering their Facebook user name and password,” said Robert Lipovsky, Senior
Malware Researcher at ESET.
As a
rule, you should not underestimate the importance of a malware scanner on
Android devices. ESET
Mobile Security
detects both of the malware-laden games as Android/Spy.Feabme.A.
[1] There is another app on Google Play called Cowboy Adventure, by
AiTianTian Studio. So far as we know, that app is not a security risk.