GhostTeam malware found in Google Play was stealing Facebook login information.
The malware is called GhostTeam, and it’s purpose is to steal your Facebook credentials. Security researchers at Trend Micro found infected apps within the Google Play Store. Disguised as utility apps such as flashlight apps and QR code readers, the apps didn’t contain the malware itself. Instead, once the app was installed, it would then download the malicious code.
Once the malware was installed, it would check to make sure it was on an actual device and not an emulator, and then lay in wait. Once the user opened Facebook, the malware would present a full page popup asking the user to input their credentials. We’ve seen this type of activity in the past. The login information is then sent back to the attacker’s command and control servers. In addition to the login theft, the malware is also able to serve fraudulent ads to users.
This malware, like many others, depends on gullible users. In order to take effect, the malware must trick users into giving the app administrator access. Users should be careful of what permissions they are allowing applications. If it seems that an app should not require a permission, then don’t give it.
Trend Micro notified Google of the malware and Google has removed the infected apps. Google Play Protect has also been updated to recognize and halt the malware.
Source: Tech Republic