More than half a million people downloaded a game for Android that stole their Facebook usernames and passwords to log on to the network, researchers said.
The game, called Cowboy Adventure , has just been removed from the app store for phones with Android and Google Play system. But it was downloaded from 500,000 to one million times, according to statistics from Google.
And this was not the only game that did this. Jump Chess made a similar move, and has already been downloaded 5,000 phones. This application has already been removed from the store of my on 2 July.
Both games were created by the same software developer, Tinker Studio . CNNMoney tried to contact the firm, but got no answer.
Anyone who has downloaded these games should change the password for your Facebook account immediately.
In Google Play-which is supposed safe-this area could be the biggest spread of this type of malware.
Read Facebook gives users new tool against ‘malware’
Google did not respond to questions about why CNNMoney did not notice this problem early, and if Tinker Studio it has been expelled from Google Play.
On Thursday, researchers at antivirus company computers and Slovak ESET explained how they realized the malware.
ESET routinely scan popular applications engineers reviewed the computer code for detecting malicious programs.
Lukáš Štefanko a computer expert, inspected Cowboy Adventure and found to have a strange behavior.
Currently, many applications ask your Facebook name and password to access them. Respectable applications transmit this information securely to Facebook, using a process called OAuth .
But is not the case for Cowboy Adventures . The app information obtained and sent to a computer server located in Panama, the researchers said.
Read: 600 million Galaxy phones exposed to hackers
ESET inspected the other game developed by Tinker Studio and found that also behaved in this way. ESET code explored and found to contain words in Vietnamese, but it is difficult to establish exactly where the developers of this game were, or they are doing with this massive gathering information from Facebook.
There is a possibility that it is not from hackers, but game developers are recklessly transmitted user names and passwords of Facebook. But the head of security researchers ESET Robert Lipovsky is convinced that this is criminal.
“I do not question people who were wrong,” said Lipovsky.
If someone tries to download any of these games now, Google warns that “are designed for you to give them your personal information networks”
The lesson here? Be more careful when you download an application. Read user reviews. In this case, some people complained that the game took them out of their Facebook accounts.
And it is worth having some sort of scanning service malware on your smartphone (Avast, AVG, BitDefender, ESET , Kaspersky or others).
No comments:
Post a Comment