It's not at all surprising that the Google Play
Store is surrounded by a number of malicious
applications that may gain users' attention to
fall victim for one, but this time it might be even
worse than you thought.

Threat researchers from security firm ESET have
discovered a malicious Facebook-Credentials-
Stealing Trojan masquerading as an Android
game that has been downloaded by more than
a Million Android users.

Malicious Android Apps downloaded
50,000-1,000,000 times
The Android game, dubbed " Cowboy Adventure ,"
and another malicious game, dubbed " Jump
Chess" – downloaded up to 50,000 times, have
since been removed from Google Play Store.
However, before taking them off from the app
store, the creepy game apps may have
compromised an unknown number of victims'
Facebook credentials.
Both the games were created by the same
software developer, Tinker Studio and both were
used to gather social media credentials from
unsuspecting users. How Cowboy Adventure victimizes
Android users?
Once installed, Cowboy Adventure produced a
fake Facebook login window that prompted
users to enter their Facebook usernames along
with their passwords. A practice known as
OAuth in which a 3rd party asks your Facebook
login.
However, if users provide their credentials to
Cowboy Adventure app, the malicious code
within the game app allegedly sent their
credentials to the attacker's server.[b]It's not at all surprising that the Google Play
Store is surrounded by a number of malicious
applications that may gain users' attention to
fall victim for one, but this time it might be even
worse than you thought.

Threat researchers from security firm ESET have
discovered a malicious Facebook-Credentials-
Stealing Trojan masquerading as an Android
game that has been downloaded by more than
a Million Android users.

Malicious Android Apps downloaded
50,000-1,000,000 times
The Android game, dubbed " Cowboy Adventure ,"
and another malicious game, dubbed " Jump
Chess" – downloaded up to 50,000 times, have
since been removed from Google Play Store.
However, before taking them off from the app
store, the creepy game apps may have
compromised an unknown number of victims'
Facebook credentials.
Both the games were created by the same
software developer, Tinker Studio and both were
used to gather social media credentials from
unsuspecting users. How Cowboy Adventure victimizes
Android users?
Once installed, Cowboy Adventure produced a
fake Facebook login window that prompted
users to enter their Facebook usernames along
with their passwords. A practice known as
OAuth in which a 3rd party asks your Facebook
login.
However, if users provide their credentials to
Cowboy Adventure app, the malicious code
within the game app allegedly sent their
credentials to the attacker's server.[/b]It's not at all surprising that the Google Play
Store is surrounded by a number of malicious
applications that may gain users' attention to
fall victim for one, but this time it might be even
worse than you thought.

Threat researchers from security firm ESET have
discovered a malicious Facebook-Credentials-
Stealing Trojan masquerading as an Android
game that has been downloaded by more than
a Million Android users.

Malicious Android Apps downloaded
50,000-1,000,000 times
The Android game, dubbed " Cowboy Adventure ,"
and another malicious game, dubbed " Jump
Chess" – downloaded up to 50,000 times, have
since been removed from Google Play Store.
However, before taking them off from the app
store, the creepy game apps may have
compromised an unknown number of victims'
Facebook credentials.
Both the games were created by the same
software developer, Tinker Studio and both were
used to gather social media credentials from
unsuspecting users.

How Cowboy Adventure victimizes
Android users?
Once installed, Cowboy Adventure produced a
fake Facebook login window that prompted
users to enter their Facebook usernames along
with their passwords. A practice known as
OAuth in which a 3rd party asks your Facebook
login.
However, if users provide their credentials to
Cowboy Adventure app, the malicious code
within the game app allegedly sent their
credentials to the attacker's server.

Therefore, If you have downloaded Cowboy
Adventure or Jump Chess, you should
immediately change not alone your Facebook
password, but any service that uses the same
combination of username and password as your
Facebook account.
ESET senior security researcher Robert Lipovsky
believes that the app malicious behavior is not
just a careless mistake of the game developer,
but the developer is actually a criminal minded.
Take Away
A few basic tips that you should always keep in
your mind are:
Always download apps from official
sources, such as Google Play Store or
Apple's App Store.
Read reviews from other users before
downloading an app (Many users
complained about "Cowboy Adventure"
that the game locked them out of
Facebook accounts).
Always use two-factor authentication
on services that makes it harder for
hackers to access your accounts with
just your password.
Always keep a malware scanning
software from trusted vendors like
Avast, AVG, ESET, Kaspersky and
Bitdefender, on your smartphone.


source: thehackernews.com/2015/07/android-malware-game.html?m=1

U don't mean it

I'm telling you