Google Play Removed 25 Apps With 2.1 Million Downloads Caught Stealing Facebook Credentials From Users

These 25 apps disguised themselves as photo utility or fashion apps to trigger downloads. They were published under 22 different developer accounts, but shared similar code structure and app content. Symantec suggests that these apps may have been developed by the same organisational group, or at least using the same source code base.

Once you install one of these malware apps, its icon is visible on the device, but it soon disappears after code is executed remotely. Full-screen ads then start showing up on your phone at sporadic intervals, interrupting the user. The ads give no hint as to which app is triggering them, and because the app icon has disappeared, users are often left scrambling, not knowing how to get rid of the intrusive ads.



How did the apps steal Facebook credentials?

Once the user launched one of these apps on their smartphone, the malicious app detected which app the user had recently opened and had in the phone's foreground. "If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you think that the application launched it," the cyber-security firm explains.

Once the user entered their Facebook login details into the phishing page (which features a black bar instead of the blue bar of the original Facebook app), the malicious app then sent the credentials to a remote server. This could potentially allow attackers to access all data stored on the Facebook account, or even to access other websites where users have logged in via their Facebook account.

