Facebook Password Stealing Apps Found on Android Play Store

Despite Google's efforts last year, malicious apps still manage to make their way into the Google Play Store. Security researchers have now discovered a new piece of malware, dubbed GhostTeam, in at least 56 applications on the Google Play Store; it is designed to steal Facebook login credentials and aggressively display pop-up advertisements to users.

Discovered independently by two cybersecurity firms, Trend Micro and Avast, the malicious apps disguise themselves as various utility (such as flashlight, QR code scanner, and compass), performance-boosting (like file-transfer and cleaner), entertainment, lifestyle and video downloader apps.

Like most malware apps, these Android apps themselves don’t contain any malicious code, which is why they managed to end up on Google's official Play Store.

Once installed, the app first checks that the device is not an emulator or a virtual environment and only then downloads the malware payload, which prompts the victim to approve device administrator permissions to gain persistence on the device.

"The downloader app collects information about the device, such as unique device ID, location, language and display parameters," Avast said. "The device’s location is obtained from the IP address that is used when contacting online services that offer geolocation information for IPs."

How Android Malware Steals Your Facebook Account Password

As soon as users open their Facebook app, the malware immediately prompts them to re-verify their account by logging into Facebook. Instead of exploiting any system or application vulnerabilities, the malware uses a classic phishing scheme in order to get the job done.

These fake apps simply launch a WebView component with a Facebook look-alike login page and ask users to log in. The WebView code reportedly steals the victim's Facebook username and password and sends them to a remote hacker-controlled server.

"This is most likely due to developers using embedded web browsers (WebView, WebChromeClient) in their apps, instead of opening the webpage in a browser," Avast said.

Trend Micro researchers warn that these stolen Facebook credentials can later be repurposed to deliver "far more damaging malware" or "amass a zombie social media army" to spread fake news or generate cryptocurrency-mining malware.

Stolen Facebook accounts can also expose "a wealth of other financial and personally identifiable information," which can then be sold in the underground markets.

Security firms believe that GhostTeam was developed and uploaded to the Play Store by a Vietnamese developer, because of the considerable use of the Vietnamese language in the code.

According to the researchers, most users affected by the GhostTeam malware reportedly reside in India, Indonesia, Brazil, Vietnam, and the Philippines.

Besides stealing Facebook credentials, the GhostTeam malware also aggressively displays pop-up adverts, keeping the infected device awake and showing unwanted ads in the background.

All the apps have since been removed by Google from the Play Store after researchers reported them to the company. However, users who have already installed one such app on their devices should make sure they have Google Play Protect enabled.

The Play Protect security feature uses machine learning and app usage analysis to remove (i.e. uninstall) malicious apps from users' Android smartphones in an effort to prevent any further harm.

Although malicious apps on the official app store are a never-ending concern, the best way to protect yourself is always to be vigilant when downloading apps, and always verify app permissions and reviews before you download one.

Moreover, you are strongly advised to keep a good antivirus app on your mobile device that can detect and block such threats before they infect your device, and most importantly, always keep your device and apps up-to-date.

How to Secure Your Social Network Privacy for the New Year

“Nearly two in three U.S. adults who have personal social media profiles say they are aware that their accounts have been hacked and 86 percent agree they limit the personal information they post due to the fear of it being accessed by hackers.”

Even with this awareness, a third of social media users are unaware of being hacked. And being aware of the problems isn’t the same as blocking them completely.

Before You Start: Unfriend Neglected Accounts!

Whatever social network you use, keeping tabs on which accounts are in use and which have been abandoned is important. Neglected or deserted accounts can be hijacked by scammers far more easily than an account that is regularly accessed.

Think about it this way: if you stopped using a social account, what information would a hacker find? Details of your friends, employers, family members… and of course, your own data. Personal information such as your birthday, where you live, and the things you like to do. Photos of you and your friends.

Anyone you’re friends with has a degree of access to the same information. Perhaps they don’t have the option to view detailed information about you, but anything they know of you offline may be mentioned. You’ll appear in their photos. Links might be shared with you by them.

All in all, it’s an avenue for scammers to get their hooks into you by posing as a friend online. You’ve no real way to tell if the account is being controlled by a friend or not, unless you call them on the phone or speak in person.

So, if an account suddenly comes back to life, treat it with suspicion at first. But it’s better to avoid this possibility altogether, and simply delete neglected accounts. What’s the worst that could happen? That you might be wrong?

Once you’ve sorted that problem out, it’s time to move on to the nuts and bolts of social account security. We’ve featured the three most popular social media services below. Use the steps in each to ensure your account security.

Log in to Facebook, open the menu, and you’ll find two key items: Security and Login and Privacy. Using these (and a couple of other options) you’ll be able to gain complete control of your Facebook account privacy.

To get started, expand the Where you’re logged in view in Security and login. This will illustrate not only how much information Facebook records about you, but what information might be gathered by someone using your account. It’s a good idea to use the Log out of all sessions button to remove this data.

Once you’ve done that, it’s a very good idea to set up a physical security key to control access to your Facebook account. This ensures protection against login-based scams and hacks.

How to Secure Your Twitter Account

Compared to Facebook, Twitter is tiny, with just 330 million users in the same period. Unlike Facebook, many Twitter accounts are automated (more commonly known as “bots”) and many people have control of multiple accounts. As such, the real total could be far less.

This doesn’t mean that the risk of being hacked or scammed is any less real, however. You need to take the practice of securing your Twitter account seriously. Don’t just robotically do it — understand why you need to and what each step of the process means.

How to Secure Your Facebook Account

Just how massive is Facebook? Well, in the third quarter of 2017, Facebook reported an unparalleled 2.07 billion monthly active users.

Over the years, additional privacy and security features have been added. But before we take a look at how to tighten things up, just remember: Facebook might be free, but they’re making money out of you. Bearing in mind just how much they know about you, you might be less inclined to embrace Facebook as wholeheartedly in future.

A key part of this is controlling the apps that you give access to. It only takes one bad app, or one dodgy developer, to be able to subvert access to your Twitter account. Solve this problem by disabling apps that you no longer use. Many services utilize a Twitter login to save time, and these should also be carefully administered.

How to Secure Your Instagram Account

As of April 2017, Instagram boasted an impressive 700 million users. Although some accounts are spam bots, most are controlled by people (or in the case of celebrity Instagram accounts, PR teams).

Photo sharing can be a risk, however. There is information that can be gleaned from photos alone, such as where you are, where you’ve been, who you’re with. These are all things you may prefer undesirables not be privy to.

Want to keep your Instagram account secure? It’s very simple.

Open the Options menu to find the Change Password option, and select a password that is secure. For more privacy, meanwhile, you can flick the Private Account switch. While existing followers will remain, no new people can see your photos unless you give approval. If your children are using Instagram, this is a setting you should insist on them enabling. Comments can also be disabled, and automatic and manual filters enabled to limit the sort of language used by commenters.

Skygofree — Powerful Android Spyware Discovered

Security researchers have unveiled one of the most powerful and highly advanced Android spyware tools that give hackers full control of infected devices remotely. Dubbed Skygofree, the Android spyware has been designed for targeted surveillance, and it is believed to have been targeting a large number of users for the past four years.

Since 2014, the Skygofree implant has gained several novel features previously unseen in the wild, according to a new report published by Russian cybersecurity firm Kaspersky Labs.

The 'remarkable new features' include location-based audio recording using the device's microphone, the use of Android Accessibility Services to steal WhatsApp messages, and the ability to connect infected devices to malicious Wi-Fi networks controlled by attackers.

Skygofree is being distributed through fake web pages mimicking leading mobile network operators, most of which have been registered by the attackers since 2015—the year when the distribution campaign was most active, according to Kaspersky's telemetry data.

Italian IT Firm Behind Skygofree Spyware?

Researchers at Kaspersky Lab believe the hacker or hacking group behind this mobile surveillance tool has been active since 2014 and is based in Italy, the home of the infamous 'Hacking Team', one of the world's bigger players in spyware trading.

"Given the many artifacts we discovered in the malware code, as well as infrastructure analysis, we are pretty confident that the developer of the Skygofree implants is an Italian IT company that works on surveillance solutions, just like HackingTeam," said the report.

Kaspersky found several Italian devices infected with Skygofree, which the firm described as one of the most powerful, advanced mobile implants it has ever seen.

Although the security firm has not confirmed the name of the Italian company behind this spyware, it found multiple references to Rome-based technology company "Negg" in the spyware's code. Negg is also specialised in developing and trading legal hacking tools.

Skygofree: Powerful Android Spyware Tool

Once installed, Skygofree hides its icon and starts background services to conceal further actions from the user. It also includes a self-protection feature, preventing services from being killed.

As of October last year, Skygofree became a sophisticated multi-stage spyware tool that gives attackers full remote control of the infected device using a reverse shell payload and a command and control (C&C) server architecture.

According to the technical details published by researchers, Skygofree includes multiple exploits to escalate privileges for root access, granting it the ability to execute the most sophisticated payloads on the infected Android devices.

One such payload allows the implant to execute shellcode and steal data belonging to other applications installed on the targeted devices, including Facebook, WhatsApp, Line, and Viber.

"There are multiple, exceptional capabilities: usage of multiple exploits for gaining root privileges, a complex payload structure, [and] never-before-seen surveillance features," the researchers said.

Skygofree’s control (C&C) server also allows attackers to capture pictures and videos remotely, seize call records and SMS, as well as monitor the users' geolocation, calendar events and any information stored in the device's memory.

Besides this, Skygofree can also record audio via the microphone when the infected device is in a specified location, and it can force the infected device to connect to compromised Wi-Fi networks controlled by the attacker, enabling man-in-the-middle attacks.

The spyware uses "the Android Accessibility Service to get information directly from the displayed elements on the screen, so it waits for the targeted application to be launched and then parses all nodes to find text messages," Kaspersky said.

Kaspersky researchers also found a variant of Skygofree targeting Windows users, suggesting the authors' next area of interest is the Windows platform.

The best way to avoid becoming a victim is to avoid downloading apps via third-party websites, app stores or links provided in SMS messages or emails.
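One way to check a device for the combination described above (an app that did not come from Google Play holding an Accessibility Service), as an added example that is not taken from Kaspersky's report. The package names and sample outputs are constructed, and the assumed input is the text returned by the three adb commands named in the comments.

```python
import re

PLAY_STORE = "com.android.vending"  # installer recorded for Google Play installs

# Constructed sample output (not from a real device) of:
#   adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.passwordmgr/.FillService:"
    "com.example.operator.update/.ScreenReaderService"
)
# Constructed sample of: adb shell pm list packages -i
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.operator.update  installer=null
"""
# Constructed sample of: adb shell pm list packages -s  (preinstalled packages)
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"


def parse_accessibility(setting):
    """Split the colon-separated component list into (package, class) pairs.

    The setting reads 'null' or is empty when no service is enabled.
    """
    setting = setting.strip()
    if setting in ("", "null"):
        return []
    services = []
    for component in setting.split(":"):
        pkg, _, cls = component.partition("/")
        if cls.startswith("."):  # short form: class name relative to the package
            cls = pkg + cls
        services.append((pkg, cls))
    return services


def parse_installers(listing):
    """Map package name to installer (None when the device recorded none)."""
    installers = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)\s*$", listing, re.M):
        installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers


def parse_packages(listing):
    """Return the set of package names from 'package:<name>' lines."""
    return {line[len("package:"):].strip()
            for line in listing.splitlines() if line.startswith("package:")}


def audit(services, installers_listing, system_listing):
    """List enabled accessibility services owned by non-system, non-Play apps."""
    installers = parse_installers(installers_listing)
    system = parse_packages(system_listing)
    findings = []
    for pkg, cls in parse_accessibility(services):
        if pkg in system:
            continue  # preinstalled, e.g. a vendor screen reader
        source = installers.get(pkg)
        if source != PLAY_STORE:
            findings.append({"package": pkg, "service": cls,
                             "installer": source or "none recorded"})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print("review:", finding)
```

A service installed from Google Play is only deprioritised by this check, not cleared; the GhostTeam apps described earlier were on the Play Store.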

Social Cyber Threats Facing Children and Teens in 2018

Being a parent is hard, especially when you have to keep up with the growing list of technological changes affecting your children. In between chauffeuring kids to soccer practice and staying on top of their grades, there’s little time to research online threats, but computer viruses, ransomware and identity theft happen to children every day. Although it may seem that malware attacks and cybercrime live in the adult world, cyber thieves regularly target children and teens where they’re most active – chat rooms, social media, video streaming sites and online video games. Children are good targets because they may have high levels of trust in people and low levels of knowledge in cybersecurity.

Being proactive and staying educated on the current cybersecurity risks facing kids and teens in today’s digital world goes a long way to keeping them safer online. Parents who understand the biggest risks and educate their children are more likely to shut down cybercriminals before they ever have a chance to strike. Below are some of the top cybersecurity concerns every parent should understand in 2018.

Anonymous Sharing

Anonymous sharing is popular among tweens and teens. Apps like Snapchat allow users to post images and messages that only show up temporarily and then are removed. But nothing on the internet is temporary. Cyber thieves and bullies can easily take screenshots and photos of information and images before they disappear.

Popular apps like Whisper keep a user’s identity unknown, while others like Anomo start you off as anonymous but let you change your settings over time. If your adolescents want to share anonymously, they may choose apps like After School, which is developed specifically for teenagers and includes resources for counseling, scholarships and social campaigns.

Over 75 percent of surveyed parents viewed anonymous sharing as “somewhat unsafe” or “very unsafe.” It’s a legitimate fear. Although anonymous sharing can promote healthy and open expression for users, it can also make it easier to overshare information. Before letting your child use anonymous sharing apps, discuss what information is safe to share with your child. Kids should be wary of any messages containing links or attachments, which could contain malware or lead to phishing websites.

Direct Messaging

The majority of social media sites have direct message features for connecting with friends, family and strangers. Direct messages are popular with cyberthieves who place links directing to phishing sites and harmful downloads. Here are the warning signs and how to avoid these schemes:

  • Avoid clicking on messages with an unusual amount of typos and misspellings, wrong subject-verb agreements or unusual punctuation marks.
  • Messages asking for personal information like passwords, SSNs, credit cards or PINs. No legitimate social media site will correspond with its users about these topics through direct message.
  • Be extremely skeptical of messages claiming your account will be locked or deleted unless a specific action is taken.
  • Don’t click links that are mismatched from their descriptions. Hover over a link with your cursor and check the status bar at the bottom of your browser window. Make sure the status bar address matches the intended destination. Both addresses should match for any type of link, whether in direct messages, emails or browsers.

Practice these cybersecurity habits with your children. Visit sites like scam-detector.com and show your kids common ways cybercriminals spread viruses via direct messages on Twitter, Facebook and other social media networks.

Email Attachments and Links

Social engineering is a powerful way for cyberthieves to trick children into infecting their own devices or revealing personal information. Sit down with your kids and show them how you check your emails. Even have them send you one themselves with a message and an attachment like a picture.

Explain and demonstrate how a phishing email works and its telltale signs. Send your child an email with a “bad” mismatched link you made up. Show them how to hover the cursor over a link to reveal its true destination on the web. Most importantly, explain why you never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment.

Video Streaming Sites

The world of television programs and cable networks, familiar to many parents, has given way to online celebrities and YouTube videos for their children. Every day, YouTube users watch over 1 billion hours of videos. All of this traffic draws the attention of scammers and cyberthieves looking to hack the system for profit.

For video sites like YouTube, cyber threats come not from streaming videos but from other parts of the platform. While your child can’t get a virus while watching a YouTube video, they can click on a link in the comments section, an ad or a video description and infect your device with malware.

Take these preventative measures to protect your devices from infection:

  • Get them familiar with how YouTube works. Show them the problem areas: where the comments section lives, what video ads look like and where links in video descriptions are inserted.
  • Enable YouTube Restricted mode, which will filter out inappropriate content and hacking schemes like the one above.
  • Consider downloading the YouTube Kids App, which helps you control their content through it. Some features, like the comments section, can be turned off completely.

Videos will only get more and more popular for both children and cyberthieves. Get ahead of cyberattack trends by educating your family on current threats within video platforms.

Online Video Games

Kids love video games, especially those that let them share their experiences and creations with others. Almost every video game today has some type of social component built in, whether it’s direct messaging or chat. Minecraft and Roblox are just two examples of popular user-generated online games that let kids build worlds and share them with others.

While such games are good for building imaginations and relationships, they’re also the playground for hackers. Like YouTube, cyberthreats on the websites aren’t the problem. That is, you can’t get a virus just from playing Minecraft, League of Legends or Roblox. You get it when you leave the game’s website and land on another, and thieves use social engineering tricks like the following to lure kids away:

  • Pop-up ads or chat links offering free coins, avatars, skins and upgrades. Once clicked, the ad or link takes them to a website that requires them to download an executable file. When opened, the program infects the computer with malware designed to steal data, which can include your banking information and account passwords.
  • Fake login schemes use pop-ups within the game to tell the player they must provide their username and password to continue. Sometimes the pop-up claims the site is “under maintenance” as a social engineering ploy to steal a player’s account and lock them out.
  • Hackers use botnets to send spam and fake ads to millions of players, asking them to visit websites for free stuff. The botnet is designed to run a fraudulent ad scheme, which relies on more views and clicks to make the hackers money.

Here are some tips to help your child avoid phishing scams on video games:

  • If the game allows, set your child’s chat options to “friends only.”
  • Teach your child the “no free lunches” lesson. Drill the point home that if it sounds too good to be true, it probably is. The old adage should be the mantra for any parent warning their child about online “free” offers.

Cyberattacks can rob you of your personal data and your child of their hard-earned accounts. Keep the fun going by teaching your child the common tricks hackers use on video game websites.

Be Proactive, Not Reactive

Set Up Parental Controls

Keep your kids safe and consider executing a multi-layered approach to parental controls, starting with the devices themselves.

Setting up a multi-layered approach will create redundancies of protection — if one layer of protection fails, the others will still work.

Protect Your Child’s Passwords

Your child’s password to their social account is like gold to a cyberthief. With their password, cybercriminals can take over the account and use it to post fake news, spam others with messages or create fraudulent ads. Help your kids create passwords and keep a record of the passwords in case you need access yourself. Here are some strategies for creating secure passwords:

  • Find a balance between complexity and memorability. Creating longer passwords makes them more secure, but make sure your child can remember them.
  • Make your password a sentence – you can use upper- and lowercase letters, spaces, numbers, punctuation and more.
  • Turn on strong authentication for apps that allow it. Strong authentication – sometimes called 2-step verification, multi- or two-factor authentication, or login approval – provides an extra layer of security beyond your username and password to protect against account hijacking.
  • Consider using a password manager that will do the remembering for you.

Your child’s password is the key to their social media privacy and their account. Keep them safe from cyber thieves by creating a secure password.

Get Antivirus Protection

Downloading and installing a comprehensive antivirus protection software will actually solve many of the problems outlined in this guide. From helping avoid malicious links to managing your passwords, antivirus software will keep your data confidential, your identity safe, your devices virus-free and your children better protected from harmful content.

Many major antivirus protection plans offer free downloads that provide some basic protections.

Consider Cybersecurity an Investment

Like insurance, cybersecurity is something you avoid thinking about until you need it. But when disaster happens, you’re always glad it’s there. Stay ahead of the growing threat of cybercriminals and evolving malware by taking the time to invest in the things that work: educating yourself and your children, practicing good online habits, keeping your devices up to date and getting a comprehensive antivirus software system.

Kaspersky Lab Warns of Extremely Sophisticated Android Spyware Tool

An Italian IT company has been using spoofed web pages to quietly distribute an extremely sophisticated Android spyware tool for conducting surveillance on targeted individuals since sometime in 2015.

In an advisory Tuesday, security vendor Kaspersky Lab described the tool, named Skygofree, as containing location-based audio recording capabilities and other functionality never before seen in the wild.

Available telemetry suggests the multi-stage spyware was first developed in 2014 and has been in continuous development since then. The Android implant gives attackers the ability to take complete administrative control of infected devices and to snoop in on conversations and nearby noises when the device enters specific locations, Kaspersky Lab said.

Skygofree is also designed to steal WhatsApp messages via Android's Accessibility Services and to connect infected devices to attacker-controlled Wi-Fi networks. Its other capabilities include the ability to surreptitiously take videos and pictures, steal call records and SMS messages, and grab geolocation data, calendar events, and other information from infected devices.

Interestingly, the spyware tool has the ability to add itself to the list of protected Android apps on an infected device so it doesn't get automatically shut down when the screen is turned off.

In total, Skygofree supports 48 different commands that attackers can use to execute various malicious actions on an infected device. Attackers can control the malware using HTTP, binary SMS messages, the Extensible Messaging and Presence Protocol (XMPP), and FirebaseCloudMessaging services, according to Kaspersky Lab.

The same IT firm that developed the malware also appears to be distributing it, says Alexey Firsh, malware analyst at Kaspersky Lab. The firm has been using web pages spoofed to appear like they belong to leading mobile network providers to deliver the malware on Android devices.

The first spoofed landing pages were registered in 2015. The most recent domain was registered last October suggesting the distribution campaign is still active. "Based on the infrastructure analysis we believe that it was set up by the same commercial entity which is believed to be behind the malware itself," Firsh says.

Following the Kaspersky Lab advisory, the domain Whois Record was edited, suggesting the Italian firm is now trying to cover its tracks, he noted.

Available information shows that the targets of the attacks so far have been all Italian-speaking individuals. What remains unclear is how exactly victims arrive at the spoofed landing pages from where the malware is being distributed.

"It could be some kind of malicious redirect or targeted phishing with a link," Firsh says. "We don’t know exactly, but these phishing sites were not public-forced and [a] user that is reading news or watching funny videos could not just get to these pages," by accident, he says.

Identifying and blocking high-end mobile malware such as Skygofree can be extremely challenging given their complex payload structure and native code binaries, Firsh says. Another big challenge is the relatively small number of people that get targeted with this kind of tool, making it hard for security researchers to get their hands on them.

Kaspersky Lab has not identified the developer of Skygofree by name. But the IT firm behind the spyware appears to be similar to other providers of so-called lawful intercept software such as the Milan-based HackingTeam, FinFisher of Munich, and RCS Lab of Milan. Law enforcement and spy outfits from around the world use software from companies such as these to conduct surveillance and pursue investigations.