Android Trojans Steal Sensitive Facebook Data

Do you use Facebook on your Android phone, either through the web or via the official app? Congratulations, you’re like possibly hundreds of millions of people worldwide. Do you have any QR or barcode scanning apps? Compass apps? Chess? Audio recording apps?

Most smartphone and tablet users have at least one of those types of apps. I have a QR code scanner and an audio recording app on my phone. Now look through your Google Play Store app. Do any of your apps say they were developed by Mplus Group? If so, you have reason to be concerned.

GhostTeam Trojans

Security researchers have discovered at least 53 Android app Trojans, with Facebook credential stealing malware which has been named GhostTeam. Many of the offending apps are developed by Mplus Group. At least one of the apps, Download Videos From Facebook, is developed by Music’s Life. The developer name in the Play Store can’t necessarily be used to determine the individuals behind the malware, but it can be a way to differentiate GhostTeam Trojans from apps which are safe.

GhostTeam Trojan apps have been in the Google Play Store since at least April 2017, and Google just recently removed them. Download Videos From Facebook by Music’s Life alone has over 100,000 downloads, so possibly over a million devices have one of the GhostTeam Trojan apps.

Most GhostTeam victims are from some of the countries in the world with the largest populations – India, Indonesia, Brazil, the Philippines, Japan, China. But there are also many Android devices outside of those countries which are infected.

When Google removed the apps from the Play Store, they stopped making it possible for people to download the apps through the Store and get updates for those apps through the Store. But Google’s action will not (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Kim Crawley. Read the original post at: Cylance Blog