It's not at all surprising that the _Google Play Store _is surrounded by a number of malicious applications that may gain users' attention to fall victim for one, but this time it might be even worse than you thought.
Threat researchers from security firm ESET have discovered a malicious Facebook-Credentials-Stealing Trojan masquerading as an Android game that has been downloaded by more than a Million Android users.
The Android game, dubbed "Cowboy Adventure," and another malicious game, dubbed "Jump Chess" – downloaded up to 50,000 times, have since been removed from Google Play Store.
However, before taking them off from the app store, the creepy game apps may have compromised an unknown number of victims' Facebook credentials.
Both the games were created by the same software developer, Tinker Studio and both were used to gather social media credentials from unsuspecting users.
Once installed, Cowboy Adventure produced a fake Facebook login window that prompted users to enter their Facebook usernames along with their passwords. A practice known as OAuth in which a 3rd party asks your Facebook login.
However, if users provide their credentials to Cowboy Adventure app, the malicious code within the game app allegedly sent their credentials to the attacker's server.
Therefore, If you have downloaded Cowboy Adventure or Jump Chess, you should immediately change not alone your Facebook password, but any service that uses the same combination of username and password as your Facebook account.
ESET senior security researcher Robert Lipovsky believes that the app malicious behavior is not just a careless mistake of the game developer, but the developer is actually a criminal minded.
A few basic tips that you should always keep in your mind are: