More than 50 apps have been discovered in the Google Play Store with a malicious code that can steal your Facebook passwords.
This code has been dubbed GhostTeam by the cybersecurity company Trend Micro, the discoverer of this threat. For now, GhostTeam has affected users in India, Indonesia, Brazil, Vietnam and the Philippines.
“Apps pass themselves off as utilities such as flashlight, QR scanner, compasses for performance optimization apps or even video downloaders,” explains Kevin Sun, mobile threat analyst.
After being downloaded, these apps pretend to be Google Play Services. When the victim opens Google Play or Facebook, the malicious app begins to make its own.
“Once the user opens the Facebook app, a dialog appears asking him to verify the account. The verification process seems typical, but behind the scenes, the app runs WebView and corrupts it to steal Facebook’s access data.”
Trend Micro believes that the stolen passwords have not been used yet. The bad news is that it is possible that these passwords are sold to the black market.
Trend Micro advises users that they have the latest version of Android installed and that before downloading an app read the opinions of users.
Many of these apps have been in the Play Store since April 2017. Google has removed them after Trend Micro alerted you to their existence. However, it remains to know the number of people affected.
