Skip to main content

Malicious Gaming App Infects More than 1 Million Android Users 2015




Hacking News Of 2015

android-malware-game
It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought.

Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users.

Malicious Android Apps downloaded 50,000-1,000,000 times


The Android game, dubbed "Cowboy Adventure," and another malicious game, dubbed "Jump Chess" – downloaded up to 50,000 times, have since been removed from Google Play Store.
However, before taking them off from the app store, the creepy game apps may have compromised anunknown number of victims' Facebook credentials.

Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspecting users.

How Cowboy Adventure victimizes Android users?


Once installed, Cowboy Adventure produced a fake Facebook login window that prompted users to enter their Facebook usernames along with their passwords. A practice known as OAuth in which a 3rd party asks your Facebook login.

However, if users provide their credentials to Cowboy Adventure app, the malicious code within the game app allegedly sent their credentials to the attacker's server.
Therefore, If you have downloaded Cowboy Adventure or Jump Chess, you should immediately change not alone your Facebook password, but any service that uses the same combination of username and password as your Facebook account.

ESET senior security researcher Robert Lipovsky believes that the app malicious behavior is not just a careless mistake of the game developer, but the developer is actually a criminal minded.

Take Away


A few basic tips that you should always keep in your mind are:
  • Always download apps from official sources, such as Google Play Store or Apple's App Store.
  • Read reviews from other users before downloading an app (Many users complained about "Cowboy Adventure" that the game locked them out of Facebook accounts).
  • Always use two-factor authentication on services that makes it harder for hackers to access your accounts with just your password.
  • Always keep a malware scanning software from trusted vendors like Avast, AVG, ESET, Kaspersky and Bitdefender, on your smartphone.
Labels:

Comments

Post a Comment

Popular Posts

Create Your Own Social Networking Site

Create Your Own Social Networking Site JCOW: Ethical Hacking Top 10 reasons to choose Jcow:- 1. Handle more traffic - Clean codes and Dynamic caching can lower the CPU load and  speed up your website. 2 Make your site more interactive - Well designed Jcow applications help you members to connect and communicate with others more effectively. 3 Add questions to the Registration Form - You can add new member fields, which will be displayed to the registration form, profile form, and the member browsing form. 4 Easily share stuff - Within the AJAX sharing Box, your members can publish status,  photos, videos, and blogs. 5 Customize and Extend your Jcow Network - A Jcow network consists of core apps(like "Friends" and "Messages") and optional apps(like "Blogs" and ""Videos"). You can enable/disable optional apps. You can also develop your own apps. 6 Every profile could be Unique - Members can customize their own profile theme and  add music play...
Post a Comment
Read more

Hack WiFi Account From Phishing Attack With WifiPhisher

WiFi Phishing Attack With WifiPhisher Tool  Wifiphisher   is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases. From the victim's perspective, the attack makes use in three phases: 1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well. 2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up ...
Post a Comment
Read more

The Problem of Pluto: What Is being Defined?

I wanted to return to the issue of Pluto, which has already been the subject of a number of posts.  The International Astronomical Union (IAU) created a rich array of issues and problems when it undertook a definitional change that resulted in the demotion of Pluto to the class of "dwarf planets". The topic this time is what exactly did the IAU define? I was watching a PBS special on the status of Pluto a few days ago.  It included scenes from a diner where the genial Neil deGrasse Tyson was asking customers what they thought about the new status of Pluto.  The reponses varied, but the issue at hand was about whether Pluto was "a planet".  The diners all thought that they were dealing with the general concept signfied by the term "planet".  Yet there is reason to think they were mistaken. The IAU resolved (see http://www.iau.org/public_press/news/detail/iau0603/ ) concerning the following: "The IAU therefore resolves that planets and other bodies in o...
Post a Comment
Read more