Despite the many efforts Google made last year, malicious apps somehow still manage to make their way into the Google Play Store.
Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on the Google Play Store. It is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users.
Discovered independently by two cybersecurity firms, Trend Micro and Avast, the malicious apps disguise themselves as various utility (such as flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and online video downloader apps.
Like most malware apps, these Android apps themselves don't contain any malicious code, which is why they managed to stay on Google's Play Store.
Once installed, the app first checks that the device is not an emulator or a virtual environment and then downloads the malware payload, which prompts the victim to approve device administrator permissions to gain persistence on the device.
"The downloader software collects information about the device, such as unique device ID (IMEI number), location, language and screen parameters," Avast said. "The device's location is obtained from the IP address that can be used when contacting online services offering geolocation information for IPs."
How Android Adware and Spyware Steals Your Facebook Account Password
As soon as users open their Facebook app, the malware immediately prompts them to re-verify their account by logging into Facebook. Rather than exploiting any system or software vulnerabilities, the malware uses a classic phishing scheme to get the job done.
These fake apps simply launch a WebView component with a Facebook look-alike login page and ask users to log in. Apparently, the WebView code steals the victim's Facebook account information and sends it to a remote hacker-controlled server.
"This is most probably due to developers using embedded web browsers (WebView, WebChromeClient) in their apps, as opposed to opening the webpage in a browser," Avast said.
Trend Micro researchers warn that these stolen Facebook credentials can later be repurposed to deliver "far more damaging malware" or "amass a zombie social media army" to spread fake news or cryptocurrency-mining malware.
Stolen Facebook accounts can also expose "a wealth of other financial and personally identifiable information," which can then be sold in the underground markets.
According to the researchers, most users affected by the GhostTeam adware and spyware reportedly reside in India, Indonesia, Brazil, Vietnam, and the Philippines.
Besides stealing Facebook credentials, the GhostTeam malware also aggressively displays pop-up adverts, keeping the infected device awake by showing unwanted adverts in the background.
All of the apps have been removed by Google from the Play Store after researchers reported them to the company. However, users who have already installed one such app on their devices should make sure they have Google Play Protect enabled.
The Play Protect security feature uses machine learning and app usage analysis to remove (uninstall) malicious apps from users' Android smartphones in an effort to prevent further harm.
Though malicious apps surfacing on the official app store is a never-ending concern, the best way to protect yourself is to always be vigilant when downloading apps, and to always verify app permissions and reviews before you download one.
Moreover, you are strongly advised to keep a good antivirus app on your mobile device that can detect and block such threats before they infect your device and, most importantly, to always keep your device and software up-to-date.
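As an added example (not from the original article or from either vendor's report), this is one way to check what an installed package declares, assuming its `AndroidManifest.xml` has already been decoded to plain XML. The package name, receiver name and the watched-permission list are constructed for illustration; because the Play Store apps described above carry no malicious code themselves, the check is most useful on the package that arrives afterwards and asks for device administrator rights.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical "flashlight" package.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Permissions worth a second look in a simple utility app (assumed list).
WATCHED = {
    "android.permission.WAKE_LOCK": "can keep the device awake",
    "android.permission.READ_PHONE_STATE": "phone state; includes the IMEI on older Android",
    "android.permission.REQUEST_INSTALL_PACKAGES": "can ask to install further APKs",
}

def triage_manifest(xml_text):
    """Return human-readable findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    findings = [f"{perm}: {why}" for perm, why in WATCHED.items() if perm in requested]
    # A device-admin component is a receiver guarded by BIND_DEVICE_ADMIN
    # and/or listening for the DEVICE_ADMIN_ENABLED broadcast.
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID + "name") for a in rcv.iter("action")}
        guarded = rcv.get(ANDROID + "permission") == "android.permission.BIND_DEVICE_ADMIN"
        if guarded or "android.app.action.DEVICE_ADMIN_ENABLED" in actions:
            findings.append(f"device admin receiver: {rcv.get(ANDROID + 'name')}")
    return findings

if __name__ == "__main__":
    for line in triage_manifest(SAMPLE_MANIFEST):
        print(line)
```

A flashlight or QR scanner that declares a device admin receiver has no functional reason to do so, which makes that finding the strongest signal of the three.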
Image source: https://thehackernews.com/2018/01/facebook-password-hacking-android.html?m=1
What a great post.
I am very interested in such types of topics.
You gained a new follower.
I wish I would get much information from you.
Congratulations.
Thanks bro...
Really well written and informative post @khalidjr11
I've given you an upvote, resteemed and followed you, so I look forward to your future content.