An Android trojan has infected a version of Facebook Lite so that it can try to secretly steal users’ device information.
Facebook Lite is a version of the popular social messaging Android app that uses less data than the regular version. It’s also designed for 2G networks, which helps the app work on networks with slow or unstable web connections. Facebook Lite is available on Google’s Play Store for download.
The app works on most Android phones. But there are some restrictions. Depending on the device or country of origin, users might not be able to install the app.
These factors help to explain why users go looking for apps like Facebook Lite on third-party Android app stores. It’s their hope they can find a version of the app that works with their phone or location. Sometimes they do just that, but it comes at a cost.
Case and point, Malwarebytes came across one Facebook Lite version that’s been infected with an Android trojan known as Android/Trojan.Spy.FakePlay. The app works as advertised, but every time the device boots up, the app launches com.google.update.LaunchReceiver. This service, which masquerades as a Google Update, then runs the equally deceptive com.google.update.GetInst, a receiver which contains malicious code for stealing users’ device information and installing malicious apps.
Malwarebytes senior malware intelligence analyst Nathan Collier reflects on Spy.FakePlay’s behavior in a blog post:
“The literal meaning of Trojan when it comes to computing is quote from Wikipedia any malicious computer program which is used to hack into a computer by misleading users of its true intent. This particular piece of mobile malware is a perfect example; it misleads by infecting a legit app with malicious code and then hides its presence under the name of well-known corporation.”
Based on characters found in its code, the Facebook Lite version originates from China. This country doesn’t have access to Google Play. Instead it relies on third-party app marketplaces that sometimes contain malicious downloads.
Acknowledging the threat of unofficial app stores, users should only install applications from official app marketplaces like Google’s Play Store. That’s not to say the Play Store is completely safe from malware, but it has better vetting processes for apps. They should also install and maintain an anti-virus solution on their devices.