91°F
weather icon Clear
Las Vegas, NV
Nation and World

Facebook logins stolen by popular Android game

More than half a million people downloaded an Android game that stole their Facebook usernames and passwords, according to researchers. It was called "Cowboy Adventure," and it just got pulled out of the app store for Android phones, Google Play. But it had already been downloaded anywhere from 500,000 to 1 million times, according to Google statistics.
More Stories
Cars form a line near the race track at the Bonneville Salt Flats near Wendover, Utah, Aug. 13, ...
Driver attempting to set a record at Utah’s Bonneville Salt Flats dies after losing control
Vehicles are seen being taken by the Tennessee Bureau of Investigation in Lake County, Tennesse ...
Police arrest suspect in killings of 4 Tennessee family members
FILE - Debris from the Titan submersible, recovered from the ocean floor near the wreck of the ...
Titan sub disaster tied to ignored warnings and weak oversight, Coast Guard says
Smoke from the Gifford Fire fills the sky as the sun sets over Los Padres National Forest, Cali ...
Huge wildfire in central California threatens more than 800 structures
By JOSE PAGLIERY CNN
July 9, 2015 - 9:50 pm
 

More than half a million people downloaded an Android game that stole their Facebook usernames and passwords, according to researchers.

It was called “Cowboy Adventure,” and it just got pulled out of the app store for Android phones, Google Play. But it had already been downloaded anywhere from 500,000 to 1 million times, according to Google statistics.

And it wasn’t the only one. Jump Chess did the same thing, and it had already been downloaded by up to 5,000 devices. It also disappeared from the app store on July 2.

Both games were made by the same software developer, Tinker Studio. CNNMoney has tried to communicate with the firm, but it hasn’t yet responded.

Anyone who has downloaded these games should change their Facebook password immediately.

On Google Play — which is supposed to be a safe zone — this could be the largest spread of this type of malware yet.

Google did not reply to CNNMoney questions about why Google didn’t catch this sooner — and whether Tinker Studio will be banned from Google Play.

On Thursday, computer researchers with the Slovakian antivirus company ESET explained how they spotted this.

ESET routinely scans popular apps and reverse engineers them to check their computer code for malicious features.

Lukáš Štefanko, a computer researcher there, pulled apart Cowboy Adventure and found it behaving strangely.

Nowadays, lots of apps ask for your Facebook name and password to login. Respectable apps transmit that information securely to Facebook using a respected standard called OAuth.

But not Cowboy Adventures. It grabbed that data and sent it to a computer server located in Panama, according to researchers.

ESET checked the other game developed by Tinker Studio and found it behaving the same way. ESET explored the code and found it contained Vietnamese text, but it’s hard to tell exactly where these developers were based — or what they were doing with the massive collection of Facebook logins.

There’s a possibility these aren’t hackers, just game developers carelessly transmitting usernames and passwords to Facebook. But ESET senior security researcher Robert Lipovsky is convinced they’re criminals.

“It’s very unlikely that they were just dumb,” Lipovsky said.

If anyone tries to download either game now, Google warns: “It is designed to trick you into entering personal data.”

The lesson here? Be more careful when downloading an app. Read user reviews. In this case, some people complained that the game locked them out of their Facebook accounts.

And it’s worth having some kind of malware-scanning service on your smartphone. (Avast, AVG, Bitdefender, ESET, Kaspersky and others make them.)

MOST READ
Don't miss the big stories. Like us on Facebook.
THE LATEST
Vehicles are seen being taken by the Tennessee Bureau of Investigation in Lake County, Tennesse ...
Police arrest suspect in killings of 4 Tennessee family members
By Mike Catalini The Associated Press

The man wanted in the killings of the parents, grandmother and uncle of an infant found abandoned in a front yard in western Tennessee last week has been arrested, police said.

Federal Reserve Chairman Jerome Powell listens as President Donald Trump visits the Federal Res ...
Fed leaves interest rates unchanged even as Trump demands cuts
By CHRISTOPHER RUGABER AP Economics Writer

The Federal Reserve left its key short-term interest rate unchanged for the fifth time this year, brushing off repeated calls from President Donald Trump for a cut.

MORE STORIES