Discover a software stealing Facebook account on the phone developed by Vietnamese hackers
Although Google has come up with a number of measures to clean up the Google Play app market, malicious codes still appear regularly and become more and more dangerous.
Recently, security experts have discovered a new stream of malicious code called GhostTeam used to steal Facebook login information and display ads on user devices. This malicious code includes at least 56 Google Play apps such as flashlights, QR code scanners, compasses, enhancing device performance, video downloader .
Since the code uses Vietnamese, security experts believe that a Vietnamese developer developed GhostTeam and uploaded the Play Store.
According to malware researchers GhostTeam primarily affects users residing in India, Indonesia, Brazil, Vietnam and Phipippines.
A special feature is that now in Vietnam there is also an organization operating under the name GhostTeam, which was established in 2014 and is now operating underground. It is not yet clear whether this group is the author of the code for GhostTeam.
These malware applications are allowed to be distributed on Google Play applications because they do not contain any malicious code. After installation, these applications will test the device environment if they are not virtual environments or simulation environments, then the application will download malicious modules. They will then issue a message prompting the user to approve administrative rights so that the application can stay permanently on the device.
How do malicious users steal Facebook login data?
These malware do not exploit any system or application vulnerabilities, they just need to use a simple phishing program to steal user credentials. Every time a user opens a Facebook application, these malicious code will launch a WebView component with a Facebook-like login page and ask users to re-verify their Facebook account by logging back into Facebook. After obtaining user login information, WebView will send them to the control server of the hackers.
Hackers can use this stolen information to spread malicious code, create malware that exploits virtual money or sell them in black markets because stolen Facebook accounts can reveal lots of financial and personal information of users.
Google has removed the app completely from Google Play as soon as it receives the notice. But to ensure safety, users need to review the device and remove applications of unknown origin, enable the Google Play Protect feature to filter malicious applications. In addition, users need to pay attention to avoid downloading applications from unknown sources and from unreliable developers. In addition, installing anti-virus programs is essential to enhance the security on the device.
See more:
- Discovered a new line of malicious Android code that steals user data on the electronic application market
- It turns out this is how hackers attack your computer through the main screen
- The new vulnerability on Intel allows hackers to take control of your computer within 30 seconds
You should read it
- Warning: The new Facebook virus, a malicious code that is spreading rapidly through Messenger
- Appearing dangerous Android malicious code specializing in stealing chat content on Facebook Messenger, Skype ...
- Detecting a Chrome extension infected with malicious code, stealing the password and the user's e-wallet key
- How to prevent malicious blackmail JPG code via Facebook Messenger
- Warning: New malware can hijack Vietnamese users' access to Facebook and Gmail
- 1.6 million computers in Vietnam were erased by the virus, losing nearly 15,000 billion in 2018
- Instructions for creating QR codes for Facebook accounts
- How to prevent .SVG images containing new malware on Facebook
- Warning: new code of virtual money digging is available via Facebook Messenger
- Instructions to block Facebook read theft messages on Android
- Hacker offered to sell the text of 81,000 Facebook accounts on the Internet
- How to remove the code as a video format on Facebook Messenger
Maybe you are interested
More than 200 apps containing malicious code were discovered and downloaded millions of times on the Google Play Store.
Detection of malicious code infecting the web browsers of 300,000 PCs, silently stealing user data
The App Store was tricked into approving malicious apps
Google Chrome will warn users about password-protected malicious archive files
All VSCode users need to be wary of malicious extensions!
What are malicious apps? How dangerous are they?