Can GhostTeam Adware Really Steal Facebook Credentials?

• GhostTeam Adware steals Facebook information and uses it to push ads.
• The malware has been on Play Store since April 2017.
• 53 apps infected by the Vietnamese-based adware have since been removed from the Play Store.

The tech giants Google, with the help of mobile security teams from Trend Micro and Avast, has uncovered a new breed of malware that can be used to steal Facebook credentials on the Android platform. Infected devices can, in turn, push advertisements to unsuspecting users. Although the malware was discovered and reported to the Google team just recently, experts say that the malware had been active in the Play Store since April last year.

Teams from Trend Micro and Avast have reported that a total of 53 apps on the Play Store. Most of the infected apps have been on the Android Play Store since April 2017 and were put in Play Store by a wave.

Well, the bad news is that the GhostTeam adware really did what it was designed to do, steal Facebook credentials, infect devices, and push ads to unsuspicious users. The good news is that since its discovery, all of the 53 infected apps have been removed from the official Play Store.

Here are a few interesting facts about the adware:

• According to Avast and Trend Micro, the GhostTeam adware seems to have originated from Vietnam. Most of the infected apps on Play Store have Vietnamese as their default language.
• The infected apps have English versions. Host servers are on Vietnam IPs and communication is via command control.
• Over 60 percent of the infections are in Brazil, Indonesia, and India. Users in Vietnam, Australia, and the Philippines have been largely affected too.

• Most of the infected apps are cleaning device apps, device optimization apps, compass apps, QR code scanners, flashlight apps and other unsophisticated applications.

Trend Micro has made a list all the infected applications. If you find any of the apps on your device, change your Facebook credentials immediately and activate two-factor authentication.

Mobile security experts from Avast and Trend Micro say scoundrels used the malware to earn money through the advertisements they pushed to infected devices. That was made possible by unsuspected users who through surreptitious sharing and liking content with their compromised accounts, became part of an unscrupulous social promotion service.