Cyber-criminals placed malicious versions of the games: "Cowboy Adventure" and "Jump Chess" in the Google Play store, which were removed, but not after they were downloaded over a million times. The malicious games contain an Android malware or Trojan called "Android/Spy.Feabme.A," created to steal the Facebook user names (email or phone number) and passwords for users of the games.
The Malicious Android Games
The games work, but will ask the users for their Facebook user names and passwords, which will be sent to the cyber-criminals behind the malicious games.
The cyber-criminals will then hijack their victims’ Facebook accounts using the credentials that were sent to them, and use the accounts fraudulently.
So, if you have downloaded, installed and played the games, please change your Facebook password immediately and remove the games from your device.
To be safe when downloading apps, please ensure that you do the following:
- download apps from Google Play store instead of other sources
- check the apps ratings and review comments made by other users of the apps