surrounded by a number of malicious
applications that may gain users’ attention to fall
victim for one, but this time it might be even
worse than you thought.
Threat researchers from security firm ESET have
discovered a malicious Facebook-Credentials-Stealing
Trojan masquerading as an Android game that has
been downloaded by more than a Million Android
Malicious Android Apps downloaded
The Android game, dubbed ” Cowboy Adventure,”
and another malicious game, dubbed “Jump
Chess” – downloaded up to 50,000 times, have
since been removed from Google Play Store.
store, the creepy game apps may have
compromised an unknown number of victims’
Both the games were created by the same
software developer, Tinker Studio and both were
used to gather social media credentials from
How Cowboy Adventure victimizes Android users?
Once installed, Cowboy Adventure produced a
fake Facebook login window that prompted users to
enter their Facebook usernames along with their
passwords. A practice known as OAuth in which a
3rd party asks your Facebook login.
However, if users provide their credentials to
Cowboy Adventure app, the malicious code within
the game app allegedly sent their credentials to
the attacker’s server.
Adventure or Jump Chess, you should immediately
change not alone your Facebook password, but
any service that uses the same combination of
username and password as your Facebook
ESET senior security researcher Robert Lipovsky
believes that the app malicious behavior is not
just a careless mistake of the game developer, but
the developer is actually a criminal minded.
A few basic tips that you should always keep in
your mind are:
Always download apps from official
sources, such as Google Play Store or
Apple’s App Store.
Read reviews from other users before
downloading an app (Many users
complained about “Cowboy Adventure”
that the game locked them out of
Always use two-factor authentication on
services that makes it harder for hackers
to access your accounts with just your
Always keep a malware scanning software
from trusted vendors like Avast, AVG,
ESET, Kaspersky and Bitdefender, on your