A Trojanized Facebook Lite app for Android has been found stealing device information and installing malicious apps in the background.
How can this happen?
There is some indication that the app is meant for targeting Chinese users, who can’t access Google Play and rely on third-party app stores to get the apps they need and want.
It’s difficult to tell the legitimate and Trojanized app apart, as the latter works as advertised and looks like the real deal:
Facebook Lite is a version of the Facebook app that uses less data and works in all network conditions.
In the background, through, the app makes sure that it will run each time the phone is booted, and that it can collect device info (device ID, system version, MAC address, location, etc.) and quietly install additional apps.
Whenever possible, Android malware peddlers masquerade their malicious wares as popular apps. And if the app can be made to function as a regular app does, while shielding its malicious actions from the victims’ eyes, all the better.
It seems highly unlikely that such an app would pass Google Play’s vetting process, even though occasionally some do, but users who download apps from other sources might encounter it.
So, if you belong to the latter category of users, be very, very careful which apps you install. Do a thorough check of the purported app developer and comb through the reviews (especially the negative ones) left by other users before you even think about downloading and using it.