ESET experts have discovered a malicious application for hacking accounts in social networks Facebook. Payload has the popular game Cowboy Adventure, downloaded from 500 thousand to 1 million times, and the less successful the application from the same developer Jump Chess. Unlike previously discovered Android threats, applications correspond to their descriptions, but in addition are used by creators to steal personal data.
Application analysis has shown that they are written in C# using Mono environment Framework. Malicious code is located in the library TinkerAccountLibrary.dll. When running applications, the user is prompted to enter a username and password from Facebook account in special form. The information is transmitted to the remote server to the attacker via a secure НТТРS connection.
Currently malware removed from Google Play. At the time of removal in the app store was available in version 1.3 of the game Cowboy Adventure, published on 16 April 2015. Less popular app Jump Chess was available from 14 April 2015, and scored from 1 to 5 thousand units.
For certain to set how many accounts Facebook was compromised, it is not currently possible. It is known that not all users who installed the game, have compromised their credentials. This is evidenced by the negative comments on the pages of apps in Google Play.
ESET experts remind Android users about the need to follow safety rules: download apps only from legitimate sites that control the content, view user comments and ratings of apps before installation, protect your mobile devices modern anti-virus software.