Alert..! Apps on Google Play Steal Facebook Credentials

Alert.. !  Over 500,000 Android users targeted by phishing apps harvesting their Facebook credentials. Cowboy Adventure was a relatively popular game on the Google Play store. That popularity in itself is unremarkable: however, the developers of the app also used it as a tool to harvest Facebook credentials, and that did raise a few eyebrows. It was one of two games that contained this malicious functionality, the other one being Jump Chess.


1_1
 

shadow_new
 


11_1

These apps did contain legitimate functionality (they actually were real games) in addition to the fraud. The problem lies in the fact that when the app is launched, a fake Facebook login window is displayed to the user. If victims fell for the scam, their Facebook credentials would be sent to the attackers’ server.

Screenshot_2015-07-02-11-14-12
The good news is that Google has taken down both of the apps from their app store and also warns against their installation on Android devices:

Screenshot_2015-07-07-10-14-05
 


Screenshot_2015-07-07-11-25-15