Without a doubt, Facebook is probably one of the most popular social networking websites in the world. A whole marketing industry is built on promoting products and services on or through this platform. Obviously, it is an important target for cyber criminals to get hold of Facebook login details for all kinds of purposes, one of which may be shady promotional tactics. A new Android infection has been detected lately spreading through the Google Play Store. This infection, once installed on your Android device, can download further malware programs capable of stealing Facebook user name and password combinations. Fortunately, this malware infection has been found and removed from the store along with its developers' account. However, there is no way telling how many unsuspecting Android users have been infected and their Facebook accounts hacked. Please read our full article for the details we our researchers have found out about this malicious threat.
It seems that this new Android infection mainly targets English and Vietnamese speakers. As a matter of fact, research shows that it may originate from Vietnam. It has been found that there are several downloaders posing as lifestyle and entertainment applications, which are used in this attack. These applications managed to bypass Google security without detection because they do not exhibit any malicious trait in themselves. However, once uploaded to the store, they are available to millions of Android users, and when installed on the device, these apps start downloading malicious apps in the background, without your knowledge.
These malicious programs then require administrator rights from you, which would give them full control of your Android smartphone or whatever device you are using. Of course, you can choose not to grant admin rights but you will only end up being annoyed by false Google Play service error pop-up messages, which may also appear to be quite convincing and authentic. This message can be something like "Service error! Google Play services has been disabled by the system or a third party. Please enable to avoid unwanted bugs!" Although you are all safe until you actually click on the "Activate" button and thus enable the administrator rights, these pop-ups can be very distracting and make your virtual experience a real nightmare. This is why it is most likely that unsuspecting users grant this right sooner or later. But, of course, there is no way knowing how many of the infected Android users actually have given up and pressed this button.
There are a number of malicious tasks this new Android malware infection and the other threats it downloads can perform on your device. First of all, this infection can send information about you and your device to a remote Command and Control server, including your IP address, your location, your language settings, and your display settings. Some of the malware threats it may download behind your back could be used for malicious advertising, including click-fraud, which means that unsafe advertisements may be displayed on your device and you could be tricked into engaging with them or such threats may as well click on these on your behalf. This is how, for example, fake web traffic or Facebook likes can be generated, but you could also drop other infections in this way.
Nevertheless, probably the worst of all this is the main operation against your Facebook account. This malware can show you fake Google Play service notifications regarding your Facebook account so that you would be pushed to access your account. This infection does not use a fake login page; instead, it injects a malicious Javascript code when the legitimate Facebook login page comes up and plainly steals your user name and password. Can you image what may happen when cyber crooks gain access to your Facebook account? They can actually perform all the operations you can now, including friending or deleting users, posting in your name, texting people in your name, downloading your whole profile, sending malicious posts to your friends, and liking posts. When your login details are sold to third parties, they may use your account to fake statistics, such as number of likes, shares, and so on. Your account could also be used to promote products and services. Since you are an authentic user on Facebook, you are valuable to these cyber criminals.
Fortunately, as we have mentioned, this Android infection has been found and removed from the Google Play Store along with the developers' account. But already thousands of users may have infected their device. If you want to be on the safe side, you should delete all suspicious apps you have downloaded recently and run an anti-malware program on your device, too, in order to check it for other possible threats. In addition to this, you should also change your Facebook password right now. In fact, if you find such threats on your Android device, it may be wiser to modify all of your passwords. But first, make sure that you remove all Android infections from your smartphone or any other device you may use.