Categories: FacebookMalwareTechnology

“Fakeapp” Android Malware Steals Facebook Credentials



This new Android malware steals Facebook data directly from the device

Facebook is no stranger to spreading of scams and installation of malicious malware on its platform. Thanks to its large user base, the popular social media networking site has always been the favorite of cybercriminals and hackers.

In a newly identified scam detected by security company Symantec, a malicious app dubbed ‘Android.Fakeapp’, involves a new malware strain that is phishing for Facebook login credentials directly from the targeted devices. Once the Facebook user credentials are obtained, the malware logs into the account and collects account information and results using the Facebook mobile app’s search functionality.

According to the researchers, the Fakeapp malware is currently made available via malicious apps to English-speaking users on third-party app stores.

How does the Fakeapp malware work?

Once installed, the apps infected with the Fakeapp malware will immediately hide from the phone’s home screen, leaving only a service running in the background. The malware acts step-by-step (see below) since its installation to steal details from a Facebook user’s account:



  • It checks for a target Facebook account by submitting the International Mobile Equipment Identity (IMEI) to the command and control (C&C) server.
  • If no account can be collected, it verifies that the app is installed on the device.
  • It then launches a spoofed Facebook login user interface (UI) to steal user credentials.
  • It periodically displays this login UI until credentials are successfully collected.

Besides sending the collected Facebook login credentials to the attacker’s server, the Fakeapp malware also immediately uses the login details to login into the compromised Facebook account. Once the malware is logged into the Facebook page, it can collect wide variety of information on education, work, contacts, bio, family, relationships, events, groups, likes, posts, pages, and so on.

“The functionality that crawls the Facebook page has a surprising level of sophistication,” Martin Zhang and Shaun Aimoto, the two Symantec researchers who analyzed Fakeapp say.

“The crawler has the ability to use the search functionality on Facebook and collect the results. Additionally, to harvest information that is shown using dynamic web techniques, the crawler will scroll the page and pull content via Ajax calls,” Symantec explained.

In order to stay safe, Facebook users are recommended to regularly update the software and avoid installing applications from unknown sources. Only download apps that are from trusted sources.

Source: Symantec, Bleeping Computer

Kavita Iyer

An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human

Recent Posts

  • Laws and Legalities
  • News

Cloudflare requested to expose Showbox, YTS and Popcorn Time site operators

Movie studios obtain subpoena that orders Cloudflare to expose piracy site operators including Showbox, YTS and Popcorn Time site A group…

7 hours ago
  • Laws and Legalities
  • Security news

Mirai botnet masterminds helping FBI to avoid jail time

Mirai botnet creators avoid prison time by assisting FBI as part of their sentencing Remember the three young hackers who…

7 hours ago
  • leak
  • News

Winamp’s new beta version 5.8 leaks online

Winamp 5.8 beta leak surfaces on the web A beta version of the upcoming Winamp 5.8 has been leaked online…

1 day ago
  • Security news
  • Technology

Developer of Terrarium TV says he could hand over user info to authorities

Details of Terrarium TV users could be handed to authorities, developer says Terrarium TV had recently announced that it would be…

1 day ago
  • Explanatory
  • how to

How To Add Bots To Discord Server; Working-2018

Discord is possibly the best cross-platform voice and text chat service for gamers. Well, adding bots to discord server makes…

1 day ago
  • Apple
  • Security news

iOS web attack crashes, causes iPhones or iPads to restart

This new CSS-based web attack can crash and restart iPhones or iPads and can cause a Mac computer to freeze…

2 days ago