Facebook users in Vietnam have become the target of hackers who are using malicious software to steal passwords of their accounts. The attackers are reportedly using what is called the GhostTeam virus. which has already affected over 35,000 smartphones in the country.
According to Vietnam's leading computer security firm BKAV, the GhostTeam virus takes advantage of popular Vietnamese applications on Google Play Store to spread and steal Facebook passwords.
The hackers first provide "clean" applications like calendar, flashlight and compass on Google Play, which, after being installed, automatically download the virus.
These applications tend to display security alerts, such as phone slowdown and virus infection, prompting the user to follow the displayed instructions that lead to a harmful link.
If the user does as suggested, the GhostTeam virus gets installed on the device and can steal the password of the user's Facebook account.
"It is very hard for users to be vigilant against viruses infiltrating through Google Play. In this case, users should use anti-virus software to get automatic protection," Vu Ngoc Son, BKAV Technology Group's deputy chairman in charge of anti-malware, said in a statement.
The number of smartphones infected with the GhostTeam virus is declining since Google has reportedly removed the harmful applications from the Play Store. However, devices, in which these applications are already installed, are very likely to be infected.
In 2017, Vietnamese users lost nearly $540 million due to viruses, BKAV had announced earlier this month. According to it, last year saw a significant increase in attacks on Internet of Things (IoT) devices, as well as in fake news and malware containing crypto-mining tools. BKAV's statistics also showed malware affected over 23,000 computers in Vietnam last year.
In August 2017, Sydney-based LMNTRIX Labs also identified a Facebook password-stealing software that came packed with a Trojan that stole the user's password.
"The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via Spam, Ad campaigns, Pop-ups, Bundled Software, Porn sites and also sometimes as a standalone software," the research team at LMNTRIX Labs had told TechCrunch at the time.