GhostTeam malware found in Google store: steals Facebook passwords

All roads lead to the Google Play Store: at least when it comes to Android malware. You might be following the regular changes that take place in this official store: on the 5th of January, Google removed 36 suspicious tools from its store.

Now, multiple cyber security companies are indicating that a number of Android utilities carry a malware dubbed GhostTeam. Currently, researchers have calculated 56 malicious programs in total, but this number could easily increase.

GhostTeam malware will show mobile ads and steal Facebook login info

GhostTeam malware in Google Play

GhostTeam malware is a mix of adware and spyware. Its main features are to display objectionable third-party ads on the infected mobile and to steal Facebook login credentials. Both of these traits are red-flagged by security researchers. You could instantly ask: why are such apps featured in Google Play Store?

In fact, when these apps are submitted to Google, they do not contain any malicious codes. Therefore, they are confirmed as reliable and are offered to users as legitimate programs.

However, these seemingly-harmless programs are actually used as bait. Once they are installed, they download the GhostTeam malware into devices. When the malware becomes active in an Android device, users will be required to log into their Facebook accounts.

This is an old trick of using fake interfaces of legitimate services. By typing in your usernames and passwords, you will be revealing them to an unknown third-party source.

It is speculated that the malware was created by people from Vietnam since the code contains Vietnamese language. Signs of the infection have been reported in India, Indonesia, Brazil, Vietnam and Philippines. The stolen Facebook credentials could be sold on the dark web or used to access your account.

How to notice that your Facebook account is in danger?

If you do not want your social networking account to be accessible by unknown sources, we hope that you will stop downloading random programs from Google Play Store. Even though they might sound legitimate, they could be hiding some disturbing activities as well.

Of course, let’s not forget the annoying displays of mobile advertisements which will be initiated by GhostTeam malware. Your device will be flooded with unwanted promotional content. If you notice that disturbing amounts of ads end up on your screen, please remember that that Android operating systems are just as vulnerable to malware as Windows OSs.

In order to known whether suspicious sources have not stolen your Facebook login information, we advise you to regularly check your activity log. If hackers are using your account, they might be secretly liking specific websites/posts.

Also, some disturbing content could be automatically posted on your wall. We recommend changing the password to your Facebook account on a regular basis.

Lastly, we provide a few of the apps, downloading GhostTeam malware:

Videos Downloader From Facebook, Videos Downloader From Instagram, CompassPro, Compass Easy, Video Saver From Facebook, Tube Videos, RAM Booster Pro 2017, QR Barcode Scanner, Flashlight, Cleaner Booster Pro, Chess Master, Compass, Downloader for Insta, FastMath, Flash Disco Pro, Hexa Block, Insta Saver and a bunch of other Android apps. 

Source: blog.trendmicro.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Security Guides

Recent Comments