This Android malware wants to steal your Facebook login and bombard you with ads

Blog Post created by Christo.1 Employee on Jan 18, 2018

Researchers have found 53 apps distributing malware that steals Facebook credentials -- some of which have been active since April 2017 and downloaded over 100,000 times.


Malware which aims to steal Facebook login credentials and also aggressively displays pop-up adverts has been uncovered targeting Android users via the Google Play store -- and may have been downloaded by hundreds of thousands of unwitting victims.

Dubbed GhostTeam after strings in the code by the analysts at security company Trend Micro which uncovered it, the malware was first published in April 2017 and was disguised in the official Android marketplace as utility apps, performance boosters, and social media video downloaders.

A total of 53 applications have been identified as distributors of GhostTeam malware and, while there's no exact figure on how many people have inadvertently compromised their device, one malicious app -- advertised as a means of downloading videos from Facebook -- has been downloaded between 100,000 and 500,000 times.

While it's not clear why the attackers are going after Facebook accounts, researchers suggest that they could be used for anything from distributing additional malware, to mining cryptocurrency, to using the social media platform to spread fake news. (continue reading)