that Cowboy Adventure, a popular Android game on Google Play store, because researchers, from ESET, have revealed that the game has compromised the Facebook login credentials of over a million users who downloaded that Android game.
According to a post by the researcher on July 9, the Cowboy Adventure app on the Google Play store was able to steal personal information of the users.

With 500,000 – 1,000,000 installs, the developer of the Cowboy Adventure app also used it as a tool

to harvest Facebook credentials.
However, the Google has taken down both of the apps from their app store and also warns against their

installation on Android devices.
“It was one of two games spotted by ESET malware researchers that contained this malicious functionality,

the other one being Jump Chess,” according to a report on Welivesecurity.

these apps did contain legitimate functionality (they actually were real games) in addition to the fraud. The problem lies in the fact that when the app is launched, a fake Facebook login

window is displayed to the user. If victims fell for the scam, their Facebook credentials would be

sent to the attackers’ server.
It is said that the latest version of the app at the time Google took it down from their official market last

week was 1.3. This trojanized game had been available for download from Google Play for at least

April 16, 2015, when the app was updated.
“We are not sure how many users had their Facebook credentials compromised,” the report read.

has shown that the applications were written in C# using the Mono Framework. The phishing code is located inside TinkerAccountLibrary.dll. The app communicates with its C&C server through HTTPS and the address to which to send the harvested credentials (also known as the ‘drop zone’) is loaded from the server dynamically,” the report read.
The researchers have said always download apps from the official Google Play store than from alternative app

stores or other unknown sources and always check the ratings and user comments.