FakeApp Android Malware logs into Facebook accounts to harvest credentials
A new strain of malware called FakeApp is designed to trick people into providing their login details via phishing and then log into the accounts to steal more personal information[1]. It is worth mentioning that this threat is able to use the built-in Facebook search tool to get the targeted details.
According to Symantec malware researchers Martin Zhang and Shaun Aimoto, this malware is detected as Android.Fakeapp and aims to infiltrate the devices of English-speaking users[2]. It was caught spreading hidden inside malicious applications offered on third-party app stores.
Analysts say that most Android malware victims are located in the Asia-Pacific region, which suggests that the majority of third-party stores' customers are from Asia[3]. Despite that, the FakeApp virus is primarily designed to target English-speaking people.
FakeApp Android virus: Phishes Facebook logins via fake screen and hacks into the accounts
This strain of Android malware is highly sophisticated: once installed, it immediately hides itself, leaving only a service running in the background that continuously displays a fake Facebook login screen to steal the user's credentials. It is programmed to show the screen periodically until the user submits the login details.
Unlike previous Android virus[4] versions, the FakeApp trojan not only transmits the stolen credentials to the attackers but also uses them directly on the device to continue harvesting even more sensitive information from Facebook accounts.
Symantec researchers point out that it is almost impossible to notice the Android malware since it does the following:
Using JavaScript from a hidden WebView, the threat silently logs into the compromised Facebook account. The malware hides the WebView by setting the display to be almost completely transparent.
Furthermore, FakeApp is not programmed to perform the intrusive activities seen in other malware versions, such as posting spam and liking suspicious content on Facebook pages. Instead, it stealthily browses through the app to collect details, such as[5]:
- Work and education;
- Location, contacts, and basic info;
- Nicknames, relationships, family, and bio;
- Check-ins and events;
- Friends, groups, likes, pages, and posts.
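The hidden WebView described above leaves traces that an analyst can look for in a decompiled app. The following triage sketch is an added example, not code from Symantec or from the malware. It assumes the transparency is set with View.setAlpha() and that the page is loaded with loadUrl(); the 0.05 threshold, the function name triage and both sample fragments are constructed for illustration.

```python
import re

# Assumed indicators, not taken from the Symantec report: View.setAlpha() near
# zero, WebSettings.setJavaScriptEnabled(true), and loadUrl() on facebook.com.
WEBVIEW_DECL = re.compile(r'\bWebView\s+(\w+)\s*=')
ALPHA_CALL = re.compile(r'(\w+)\.setAlpha\(\s*([0-9]*\.?[0-9]+)[fF]?\s*\)')
JS_ENABLED = re.compile(r'(\w+)\.getSettings\(\)\.setJavaScriptEnabled\(\s*true\s*\)')
FB_LOAD = re.compile(
    r'(\w+)\.loadUrl\(\s*"https?://(?:[\w-]+\.)*facebook\.com(?:[/?#:][^"]*)?"')
ALPHA_THRESHOLD = 0.05  # assumed cut-off for "almost completely transparent"


def triage(source):
    """Report WebView variables that are near-transparent and also run
    JavaScript and/or load a Facebook page."""
    faint = {v for v, a in ALPHA_CALL.findall(source)
             if float(a) <= ALPHA_THRESHOLD}
    scripted = set(JS_ENABLED.findall(source))
    facebook = set(FB_LOAD.findall(source))
    findings = []
    for var in sorted(set(WEBVIEW_DECL.findall(source))):
        extra = (var in scripted) + (var in facebook)
        if var not in faint or extra == 0:
            continue  # visible, or faint but inert: not the behaviour described
        findings.append({
            "webview": var,
            "javascript_enabled": var in scripted,
            "loads_facebook": var in facebook,
            "verdict": "suspicious" if extra == 2 else "review",
        })
    return findings


# Constructed decompiled fragments, for illustration only.
SUSPECT = '''
WebView wv = new WebView(context);
wv.setAlpha(0.01f);
wv.getSettings().setJavaScriptEnabled(true);
wv.loadUrl("https://m.facebook.com/login");
'''
BENIGN = '''
WebView help = new WebView(this);
help.setAlpha(1.0f);
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    print(triage(SUSPECT), triage(BENIGN))
```

A hit is a reason to inspect the app by hand, not proof of infection: the patterns only match simple, unobfuscated Java source.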
Android malware stands out for its never-before-seen behavior
Symantec researchers are surprised by how sophisticated the FakeApp malware is. There is no other Android virus that performs such activity:
Additionally, to harvest information that is shown using dynamic web techniques, the crawler will scroll the page and pull content via Ajax calls.
Since FakeApp is not designed to perform any money-making operations, researchers believe that its initial purpose is to gain information about specific people of high interest.
- [1] Kavita Iyer. "Fakeapp" Android Malware Steals Facebook Credentials. TechWorm. Security News Platform.
- [2] Catalin Cimpanu. "Fakeapp" Android Malware Steals Facebook Credentials, Logs into Accounts. BleepingComputer. News, Reviews, and Technical Support.
- [3] Martin Zhang, Shaun Aimoto. Android Malware Harvests Facebook Account Details. Symantec. Global Leader In Next-Generation Cyber Security.
- [4] Jake Doevan. Android virus. How to remove? (Uninstall guide). 2Spyware. Security and Spyware News.
- [5] Waqas. Malware steals data directly from the device to hack Facebook account. HackRead. Latest cyber crime, information security, technology news.