After a short break, the hackers return to hit: once again the target are Android users, in particular those who are interested in cryptocurrencies and are active on the Facebook social network.
Listen to this article
Android, as a very popular operating system, is often used by hackers as a hunting ground for user data, and to derive undue profit, as just happened through two new digital emergencies, promptly reported by the Japanese security house Trend Micro.
The IT alert released by TrendMicro concerns the presence, on the Android Play Store, of over 200 apps (eg Daily Fitness OL, Enjoy Photo Editor, Swarm Photo, Business Meta Manager, Panorama Camera, Photo Gaming Puzzle, etc) containing the Facestealer virus (already spotted for the first time in May 2021), a spyware that steals Facebook credentials which are then used for advertising posts, scams, spam and phishing. Specifically, these are applications that, by injecting JavaScript code, once the user has logged in to the social network, steal cookies, encrypt information, and send them to the remote servers of the criminals.
TrendMicro also identified in the same destination about forty applications for cryptomining (eg Cryptomining Farm Your own Coin) of digital currencies that promised to participate in cloud-assisted cryptomining sessions (500 gigahash per second), without any deposit, simply by connecting your digital wallet. The apps ensured that they would not keep the decryption encryption key and that they would be protected by the AES encryption standard: in reality, once entered, the key (random in the experts’ test) in question was checked, loading it in addition without coding.
Again with regard to the apps in question, it was discovered how they steal mnemonic phrases (the sequences of words that, generated when creating a wallet, can be used to recover your cryptocurrencies in the event that the wallet in question is damaged. or lost).
In both cases, Trend Micro advised, as a precaution, to check reviews, especially negative ones, and to deepen the reputation of publishers and developers. If you are infected by these malicious apps, however, it is good to proceed with the relative manual removal, to change the password on Facebook, to activate two-factor authentication on the social network, also giving a check to your digital wallet.