Android games on Google Play steal Facebook credentials From alphabanklog

Android games on Google Play steal Facebook credentials From alphabanklog

Android games on Google Play

This may come as a shock to many of the game lovers

that Cowboy Adventure, a popular Android game on Google Play store, because researchers, from ESET, have revealed that the game has compromised the Facebook login credentials of over a million users who downloaded that Android game.
According to a post by the researcher on July 9, the Cowboy Adventure app on the Google Play store was able to steal personal information of the users.
With 500,000 – 1,000,000 installs, the developer of the Cowboy Adventure app also used it as a tool
to harvest Facebook credentials.
However, the Google has taken down both of the apps from their app store and also warns against their
installation on Android devices.
“It was one of two games spotted by ESET malware researchers that contained this malicious functionality,
the other one being Jump Chess,” according to a report on Welivesecurity.

The report said that, unlike some other Android malware,

these apps did contain legitimate functionality (they actually were real games) in addition to the fraud. The problem lies in the fact that when the app is launched, a fake Facebook login
window is displayed to the user. If victims fell for the scam, their Facebook credentials would be
sent to the attackers’ server.
It is said that the latest version of the app at the time Google took it down from their official market last
week was 1.3. This trojanized game had been available for download from Google Play for at least
April 16, 2015, when the app was updated.
“We are not sure how many users had their Facebook credentials compromised,” the report read.

“Our analysis of these malicious games

has shown that the applications were written in C# using the Mono Framework. The phishing code is located inside TinkerAccountLibrary.dll. The app communicates with its C&C server through HTTPS and the address to which to send the harvested credentials (also known as the ‘drop zone’) is loaded from the server dynamically,” the report read.
The researchers have said always download apps from the official Google Play store than from alternative app
stores or other unknown sources and always check the ratings and user comments.

You can also buy instant:


Cashapp Money Transfer Click here

Paypal Money Transfer Click here

Western Union  Money Transfer Click here

Venmo Money Transfer Click here

Bank Money Transfer Click here to Contact Us

Leave a Reply