It's no secret that Facebook can be a real hog, both in terms of data and battery usage. To combat the problem, Facebook released a cut-down version of its mobile app in certain markets called Facebook Lite; it also followed that up more recently with Facebook Messenger Lite.
The problem with Facebook Lite is that it's not available everywhere through Google Play. For people keen to get their hands on the app, there are plenty of app repositories online offering it for download. But not all repositories are equal, and some are serving up a tainted version of Facebook Lite that's laden down with spyware -- specifically Android/Trojan.Spy.FakePlay.
The Trojanized version of the app steals personal data and runs extra code that will secretly download and install additional apps. Malwarebytes warns that while the malicious versions of Facebook Lite appears to be working as it should, there is sinister activity going on in the background:
The infected Facebook Lite works as advertised, but with the addition of malicious activities. It does this by using a malicious receiver com.google.update.LaunchReceiver and service com.google.update.GetInst. Note the use of using a receiver and service name that attempts to hide under what some may think is Google Update; something an untrained eye may not catch.
The dodgy versions of the app appear to have links to China, and the warning is to either obtain the official app directly from Google Play or, if this is not possible, to take extra care when grabbing it from other sources.