"Cowboy Adventure": the game which stole the Facebook profiles!

Status
Not open for further replies.

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Hi everyone.
In this thread I want to share this news with you: a game for Android mobile devices, called "Cowboy Adventure", stole the Facebook credentials of its players.
The game was immediately removed from the Play Store, following an official communication from ESET antivirus.
The game contained malware that infected from 500,000 to 1,000,000 users.

 

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
I think Google and other companies should analyze the apps that are placed in their stores.
However, I think it will not happen.
It is necessary to put a security filter; it seems that anything that moves can be put there without any barrier to ensure the safety of applications.
It seems that both it comes to security and privacy for anything, only serves to fill web pages sites and forums because in practice ...
 

Cch123

Level 7
Verified
May 6, 2014
335
Google has an automated app checker called "Bouncer" already...but as always nothing is perfect, and at the end of the day the onus is on users to check what exactly is the app requesting and the reviews for the app.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
I think Google and other companies should analyze the apps that are placed in their stores.
However, I think it will not happen.
It is necessary to put a security filter; it seems that anything that moves can be put there without any barrier to ensure the safety of applications.
It seems that both it comes to security and privacy for anything, only serves to fill web pages sites and forums because in practice ...
This should not happen, all games etc should be analyzed first before being available.
Yes, you are right, my friends, but unfortunately the mobile device stores usually don't use a security filter and they don't check their apps :(
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
Google has an automated app checker called "Bouncer" already...but as always nothing is perfect, and at the end of the day the onus is on users to check what exactly is the app requesting and the reviews for the app.
Yup, I see this every day: a simple flashlight requesting identity, location, camera and microphone will still have hundreds of thousands of installs and nobody in the comment section will even ask about them. Well, it's not like a flipping huge pop-up asks you to confirm the installation whilst showing you all requested privileges... but oh well, people still think they are protected by just using an AV and not by turning their brain on.
 
Reactions: JM Safe

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
More technical details: http://blog.trustlook.com/2015/07/08/most-successful-malware-on-google-play/

"We have to ask: what’s going wrong? The author’s opinion is as follows:

1. Mono is a relatively new development framework, thus good at evading analysis. This is not about difficulty, but cost-efficiency. As the Jar pack is still the majority of the Android threat source, few vendors integrate Mono and C# code analysis into automated platforms.

2. Phishing is naturally difficult to detect via automated technical approaches. A phishing Facebook login activity has no difference from a normal login activity at the code level. Only an experienced human being can identify the forged images & layout.

3. The sneaky developer has set a location-based triggering mechanism. This may have fooled a lot of AV vendors outside Asia.

4. Some AV vendors place too much trust in Google Play. The slow reaction of AV vendors and the VirusTotal result is the best evidence. The app’s high profile on Google Play might be a factor that made VirusTotal give the “Probably harmless” comment. Also, to our knowledge, some AV vendors give more trust to the apps on Google Play during their automated analysis."

According to TrustLook: "If you have basic knowledge about OAuth, you should know that no 3rd party could ask your FB account in this way".
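
Point 1 of the quoted analysis, seen from the triage side, as an added example that is not part of this thread or of Trustlook's write-up: a scanner that only reads `classes.dex` misses app logic shipped as .NET assemblies, so the package layout can be used to route such APKs to C# analysis. The marker paths assume the classic Xamarin/Mono APK layout, and the sample archives are constructed in memory.

```python
import io
import zipfile

# Markers of a Xamarin/Mono-packaged APK (classic layout, an assumption here):
# managed assemblies under assemblies/ plus the Mono runtime as a native lib.
MONO_RUNTIME_LIBS = ("libmonodroid.so", "libmonosgen-2.0.so")
FRAMEWORK_PREFIXES = ("Mono.", "System.", "mscorlib", "Xamarin.")


def triage_apk(apk_bytes):
    """Report where an APK's logic lives so it reaches the right analyzer."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        names = apk.namelist()
    assemblies = sorted(n for n in names
                        if n.startswith("assemblies/") and n.lower().endswith(".dll"))
    runtime = [n for n in names
               if n.startswith("lib/") and n.rsplit("/", 1)[-1] in MONO_RUNTIME_LIBS]
    is_mono = bool(assemblies) and bool(runtime)
    # Framework assemblies ship with every such app; the rest is app code.
    app_assemblies = [a for a in assemblies
                      if not a.split("/", 1)[1].startswith(FRAMEWORK_PREFIXES)]
    return {
        "has_dex": any(n.startswith("classes") and n.endswith(".dex") for n in names),
        "is_mono": is_mono,
        "app_assemblies": app_assemblies,
        # A Dalvik-only pipeline sees just the thin Java bootstrap of a Mono app.
        "needs_dotnet_analysis": is_mono and bool(app_assemblies),
    }


def build_sample_apk(entries):
    """Build a constructed APK-like zip in memory (file contents are placeholders)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name in entries:
            z.writestr(name, b"placeholder")
    return buf.getvalue()


# Constructed samples, not taken from any real app.
MONO_SAMPLE = build_sample_apk([
    "AndroidManifest.xml", "classes.dex",
    "assemblies/Mono.Android.dll", "assemblies/mscorlib.dll",
    "assemblies/SampleGame.dll", "lib/armeabi-v7a/libmonodroid.so",
])
JAVA_SAMPLE = build_sample_apk(
    ["AndroidManifest.xml", "classes.dex", "lib/armeabi-v7a/libgame.so"])

if __name__ == "__main__":
    for label, sample in (("mono", MONO_SAMPLE), ("java", JAVA_SAMPLE)):
        print(label, triage_apk(sample))
```

Both samples contain a `classes.dex`, which is why the presence of Dalvik code alone says nothing about whether the pipeline has seen the app's real logic.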
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
I think Google should revise their verification check a little bit, especially those permissions, if it's really required on the software.

That case it prevents possible malicious program but rather proper implementations of permission.
 
Reactions: JM Safe and LabZero