Skip to main content

Malicious Gaming App Infects More than 1 Million Android Users 2015




Hacking News Of 2015

android-malware-game
It's not at all surprising that the Google Play Store is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought.

Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users.

Malicious Android Apps downloaded 50,000-1,000,000 times


The Android game, dubbed "Cowboy Adventure," and another malicious game, dubbed "Jump Chess" – downloaded up to 50,000 times, have since been removed from Google Play Store.
However, before taking them off from the app store, the creepy game apps may have compromised anunknown number of victims' Facebook credentials.

Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspecting users.

How Cowboy Adventure victimizes Android users?


Once installed, Cowboy Adventure produced a fake Facebook login window that prompted users to enter their Facebook usernames along with their passwords. A practice known as OAuth in which a 3rd party asks your Facebook login.

However, if users provide their credentials to Cowboy Adventure app, the malicious code within the game app allegedly sent their credentials to the attacker's server.
Therefore, If you have downloaded Cowboy Adventure or Jump Chess, you should immediately change not alone your Facebook password, but any service that uses the same combination of username and password as your Facebook account.

ESET senior security researcher Robert Lipovsky believes that the app malicious behavior is not just a careless mistake of the game developer, but the developer is actually a criminal minded.

Take Away


A few basic tips that you should always keep in your mind are:
  • Always download apps from official sources, such as Google Play Store or Apple's App Store.
  • Read reviews from other users before downloading an app (Many users complained about "Cowboy Adventure" that the game locked them out of Facebook accounts).
  • Always use two-factor authentication on services that makes it harder for hackers to access your accounts with just your password.
  • Always keep a malware scanning software from trusted vendors like Avast, AVG, ESET, Kaspersky and Bitdefender, on your smartphone.

Labels

Labels:

Comments

Post a Comment

Popular Posts

Create Your Own Social Networking Site

Create Your Own Social Networking Site JCOW: Ethical Hacking Top 10 reasons to choose Jcow:- 1. Handle more traffic - Clean codes and Dynamic caching can lower the CPU load and  speed up your website. 2 Make your site more interactive - Well designed Jcow applications help you members to connect and communicate with others more effectively. 3 Add questions to the Registration Form - You can add new member fields, which will be displayed to the registration form, profile form, and the member browsing form. 4 Easily share stuff - Within the AJAX sharing Box, your members can publish status,  photos, videos, and blogs. 5 Customize and Extend your Jcow Network - A Jcow network consists of core apps(like "Friends" and "Messages") and optional apps(like "Blogs" and ""Videos"). You can enable/disable optional apps. You can also develop your own apps. 6 Every profile could be Unique - Members can customize their own profile theme and  add music play...
Post a Comment
Read more

HL7V2.x to HL7V3.0 Translation Issues Details-2

In continuation of my previous post this post lists the other issues associated with HL7 v2.x to HL7v3 translation Conformance Patterns: The other major issue with the transformation of messages is the behavior of application when a particular information exchange takes place. In HL7V3.0 apart from the trigger events and interactions there exists the notion of application role as senders and receivers. The application role is characterized as the entire set of interactions for which the sender and receiver are responsible for transmitting. HL7V3.0 clearly defines the possible interactions and the application behavior associated these interactions in the form of responses for which the sender and receiver needs to adhere to. The differences in messages between V2.x and V3.0 and absence of clear guidance on V2.x regarding application behavior on receipt of message makes the transformation exercise more difficult. Vocabulary: It is a well known fact that 80% of HL7 V2.x message failu...
Post a Comment
Read more

Hack WiFi Account From Phishing Attack With WifiPhisher

WiFi Phishing Attack With WifiPhisher Tool  Wifiphisher   is a security tool that mounts fast automated phishing attacks against WiFi networks in order to obtain secret passphrases and other credentials. It is a social engineering attack that unlike other methods it does not include any brute forcing. It is an easy way for obtaining credentials from captive portals and third party login pages or WPA/WPA2 secret passphrases. From the victim's perspective, the attack makes use in three phases: 1. Victim is being deauthenticated from her access point. Wifiphisher continuously jams all of the target access point's wifi devices within range by sending deauth packets to the client from the access point, to the access point from the client, and to the broadcast address as well. 2. Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point's settings. It then creates a rogue wireless access point that is modeled on the target. It also sets up ...
Post a Comment
Read more