"Fakeapp" Android Malware Steals Facebook Credentials, Logs into Accounts

LASER_oneXM

Feb 4, 2016
A new Android malware strain can phish Facebook user credentials and then log into accounts to harvest account details, and even search and collect results using the Facebook app's search functionality.

Named Fakeapp, this new malware strain was detected earlier this month by Symantec researchers. Symantec says the app is currently distributed inside malicious apps made available to English-speaking users on third-party app stores.

Despite targeting the English-speaking audience, Symantec researchers say most victims are from the Asia-Pacific region, suggesting the third-party app stores have a local Asian audience only.

App uses fake login screen to phish Facebook credentials

Apps infected with the Fakeapp malware will immediately hide from the phone's home screen, but start a service that runs in the background.


This service is responsible for starting a spoofed Facebook login user interface to steal user credentials. Fakeapp periodically displays this login screen (pictured above) until users enter their Facebook credentials.


This is where Fakeapp is different from all previous Android info-stealing trojans. Besides sending the collected Facebook credentials to the attacker's server, the malware also immediately uses these credentials on the victim's device.

Fakeapp immediately logs into compromised accounts

Fakeapp starts a WebView window (WebView is a stripped-down mobile browser app) and makes this window almost entirely transparent with a window alpha-transparency value of "0.01f" — near 0. It then loads the Facebook login page and accesses the user's account.

.... .... ......

Symantec: Surprising level of sophistication

"The functionality that crawls the Facebook page has a surprising level of sophistication," Martin Zhang and Shaun Aimoto, the two Symantec researchers who analyzed Fakeapp, say.
 
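A static triage check for the near-transparent WebView behavior described in the post, as an added example that is not part of the original post or of Symantec's analysis. It assumes decompiled Java source as input; `find_hidden_webviews`, the 0.05 cutoff and the sample snippets are constructed for illustration.

```python
import re

# Alpha at or below this counts as invisible to the user. The cutoff is an
# assumption; the article reports Fakeapp using a window alpha of 0.01f.
ALPHA_THRESHOLD = 0.05

# Literal alpha written to WindowManager.LayoutParams.alpha or View.setAlpha().
ALPHA_RE = re.compile(r"(?:\.alpha\s*=\s*|\.setAlpha\(\s*)(\d*\.?\d+)[fF]?")
WEBVIEW_RE = re.compile(r"\bWebView\b")
LOAD_RE = re.compile(r'\.loadUrl\(\s*"([^"]+)"')

def find_hidden_webviews(source):
    """Flag decompiled Java that uses a WebView and sets a near-zero alpha."""
    if not WEBVIEW_RE.search(source):
        return []  # transparency alone (e.g. a fade animation) is not flagged
    urls = LOAD_RE.findall(source)
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in ALPHA_RE.finditer(line):
            alpha = float(match.group(1))
            if alpha <= ALPHA_THRESHOLD:
                findings.append({"line": lineno, "alpha": alpha, "urls": urls})
    return findings

# Constructed samples (not taken from the malware or from Symantec's report).
SUSPICIOUS = '''WebView web = new WebView(context);
WindowManager.LayoutParams lp = new WindowManager.LayoutParams();
lp.alpha = 0.01f;
web.loadUrl("https://login.example.invalid/");
'''
VISIBLE_WEBVIEW = '''WebView help = new WebView(context);
help.setAlpha(1.0f);
help.loadUrl("https://help.example.invalid/");
'''
FADE_ONLY = '''ImageView logo = findViewById(R.id.logo);
logo.setAlpha(0.0f);
'''

if __name__ == "__main__":
    for name, src in [("suspicious", SUSPICIOUS), ("visible", VISIBLE_WEBVIEW),
                      ("fade", FADE_ONLY)]:
        print(name, find_hidden_webviews(src))
```

The check only sees literal alpha values, so a value computed at runtime or hidden by obfuscation will not match; treat a hit as a reason to review the file, not as a verdict.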
