According to Researchers Tianfang Guo and Jinjian Zhai it is believed that 500,000 to one million Android downloads in four months for ‘Cowboy Adventure' is a new malware record. It is one of two games that ESET malware researchers found containing malicious functionality, the other one being Jump Chess which had far fewer downloads. A distinguishing factor is that these apps contain real functionality - they are real games – but analysis of the ‘Platformer 2D' game engine showed that “Cowboy Adventure” is primarily a phishing malware disguised within a game.
When the app is launched, the user sees a fake Facebook login window and if they enter their Facebook username and passwords then these credentials are sent to the attackers' server. The researchers were alerted to the scam when they found some users – mostly Chinese speakers - complaining about their Facebook accounts being abused.