Google Play is the source for installing application on Android smartphone devices. Malwarebytes security researchers uncovered over this week a malicious application that require  GET_ACCOUNTS permission which allow access to list of accounts.

The application claims to be a wallpaper app that will display pictures but obviously it will collect credential  from social media accounts such as Google, Facebook, and Twitter to send them to a remote server controlled by cybercriminal.

screenshot for the malicious application sourced Malwarebyets

This is not the first case that security researcher spot risky application on Google play so it is always important to provide only required permission to application and this is not only on smartphone but for any system you use. there are no information how the social network accounts are going to be used but usually attacker will use them for sending spam, conducting a phishing attacks or recovering financial information for online payment systems.