A team of security researchers from Avast and Trend Micro has discovered malware hidden in Google Play apps that can steal victims' Facebook passwords.
According to the report, there are 53 malicious apps in total, and they have been available on Google's official store since April 2017. Because of this, researchers believe that they were launched en masse. Besides extracting Facebook credentials, the virus, called GhostTeam, also sends ads to the devices.
The apps affected by this Android malware are mostly entertainment and lifestyle apps. Among them are a lantern app, bar code scanners, voice recorders, a compass and a video downloader. Most of them were uploaded by the developer Mplus Group. To make sure that you don't have any of the infected apps on your phone, you can check the full list that the Trend Micro team has published.
GhostTeam has managed to dodge Google Play's security measures thanks to the way it works. The 53 apps that users install appear harmless, but they hide a downloader that, when the time comes, contacts a C&C server to download other apps that contain the actual malware. This second app usually poses as a system tool in order to go unnoticed and to get admin rights by tricking the user.
Once the malware is on the device, it starts sending intrusive ads to the smartphone and is ready to steal the victim's Facebook password. Unlike other viruses, it doesn't use a fake website to obtain the credentials; it is capable of getting them from the real home page of the social network.
Check the Trend Micro list mentioned above to see whether you have installed any of the infected apps, and if you happen to find one on your smartphone, change your Facebook user and password immediately in case your credentials have been stolen.