blog

This Android Malware Will Steal Your Facebook Credentials

Written by Securafy Team | Apr 20, 2022 3:00:00 PM

Do you have an Android device?  Even if you don't, you know someone who does.

Google is incredibly good at spotting poisoned copies of apps on its Play Store and getting rid of them before they can spread to the devices of users who rely on the safety and security offered by the Play Store.

As good as they are, they're not perfect and sometimes malicious code masquerading as a legitimate app can slip through the company's impressive filtering system.

Recently, the company discovered that an Android app that has more than 100k installs contains a trojan called "FaceStealer" which displays a Facebook login screen that requires users to log in before they can make use of the app.

Although the Facebook login prompt looks official, it is not and all a user accomplishes by entering their login credentials is to give those credentials to the hackers that control the code.  Given that millions of people around the world use their Facebook login details to connect to a host of other websites, this essentially gives the hackers the keys to your digital kingdom. From that point there's really no end to the amount of damage they can do.

In addition to making the discovery itself, the researchers who originally brought the poisoned app to Google's attention did a deep dive into the malicious code and discovered that the author has apparently automated the repackaging process. This means that it's a trivial matter to turn almost any legitimate app into a carrier of this trojan.

Given that fact, it's worth asking the question, "How many other poisoned apps might there be on the Play Store right now?"

It's a fair question with no easy answer.  Your best bet is to practice extreme caution when downloading any app, only get them from the Google Play store and do as much due diligence as possible before committing to an installation.