Skip to content
Published January 20, 2018

Google has been Always Preventing us From the Applications which Steal our data and breaks our Privacy. Last year, Google has made Several efforts to remove malicious apps and Password Stealing Apps from The Play Store but still, some malicious apps managed to take their place in the Play store.

Security researchers have found a malware which was designed in Order to Steal your Facebook Credentials and Displaying Aggressively Pop-up ads in 56 Apps, dubbed GhostTeam.

Discovered independently by two cybersecurity firms, Trend Micro and Avast, the malicious apps disguise as various utility (such as the flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps.

To Complete the Stealing of your Facebook Credentials the app performs Social Engineering tactics.

Like Most of The Password Stealing Apps or Malicious Apps, this application also doesn’t contain any malicious code in themselves and that’s How they Passed Google security check. What they do is, They download the payload according to your device and do Social engineering attacks to Make you share your credentials through the Phishing page.

The only negative thing the apps do is aggressively show ads. There is a catch though, the apps can download pieces of code to use at runtime or can even download other apps to the device. They request for the malicious code from their available servers and server send them the code. The Package Downloaded is malicious and If removed manually then, it can be downloaded again and even can be replaced.


As soon as the user opens their Application they trick them by asking for re-verification by logging into their Facebook Account. Instead of exploiting any system vulnerabilities, They use a simple Phishing page to complete the attack. These fake apps simply launch a component for Webview, With Facebook’s fake login Page and ask the user to log in.

The user credentials entered are then sent to the Remote Controlled Attacker’s server.

Trend Micro researchers warn that these stolen Facebook credentials can later be repurposed to deliver “Far more damaging malware” or “amass a zombie social media army” to spread fake news or generate cryptocurrency-mining malware.
Stolen Facebook accounts can also expose “a wealth of other financial and personally identifiable information,” which can then be sold in the underground markets.

All the apps have since been removed by Google from the Play Store after researchers reported them to the company. However, users who have already installed one such app on their devices should make sure they have Google Play Protect enabled.

One Comment

  1. Jan Zac Jan Zac

    Hello ,

    I saw your tweets and thought I will check your website. Have to say it looks very good!
    I’m also interested in this topic and have recently started my journey as young entrepreneur.

    I’m also looking for the ways on how to promote my website. I have tried AdSense and Facebok Ads, however it is getting very expensive. Was thinking about starting using analytics. Do you recommend it?
    Can you recommend something what works best for you?

    Would appreciate, if you can have a quick look at my website and give me an advice what I should improve:
    (Recently I have added a new page about FutureNet and the way how users can make money on this social networking portal.)

    I wanted to subscribe to your newsletter, but I couldn’t find it. Do you have it?

    Hope to hear from you soon.

    Maybe I will add link to your website on my website and you will add link to my website on your website? It will improve SEO of our websites, right? What do you think?

    Jan Zac

Leave a Reply

Your email address will not be published. Required fields are marked *