With 500,000 – 1,000,000 installs, Cowboy Adventure was a relatively popular game on the Google Play store. That popularity in itself is unremarkable: however, the developers of the app also used it as a tool to harvest Facebook credentials, and that did raise a few eyebrows. It was one of two games spotted by ESET malware researchers that contained this malicious functionality, the other one being Jump Chess.
Unlike some other Android malware, these apps did contain legitimate functionality (they actually were real games) in addition to the fraud. The problem lies in the fact that when the app is launched, a fake Facebook login window is displayed to the user. If victims fell for the scam, their Facebook credentials would be sent to the attackers’ server.
View full story