Nine Android apps, one of them with millions of users, were found to be stealing their users’ Facebook Inc. login credentials. Google LLC has removed all of them from the Play store. The apps, labeled “thieving Trojans,” were discovered and disclosed on July 1 by malware specialists at Dr. Web.
They posed as harmless software and had approximately 6 million installs in total. Unlike earlier cases of malicious Android apps, the apps in this instance all offered legitimate functionality, such as photo editing and frames, fitness and training, horoscopes, and junk file cleanup.
List of Removed Apps
- PIP Photo, with up to 5 million installs
- Photo processing, with up to 500,000 installs
- Waste Cleaner, Daily Horoscope, and Inwell Fitness, each with up to 100,000 installs
- App Lock Keep, with up to 50,000 installs
- Lockit Master, Horoscope Pi, and App Lock Manager
How Did These Apps Steal Facebook Passwords?
When users selected the login option, they were shown what looked like a typical Facebook login screen, but with one difference: the genuine Facebook login page was displayed inside a WebView, with JavaScript loaded into it to intercept the credentials entered.
When users typed in their Facebook credentials, the JavaScript sent them to the attackers’ command-and-control server; because the login itself went through normally, users had no reason to suspect anything. Once victims were logged in, the Trojan also stole the cookies of the current authorization session.
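One way a reviewer could triage decompiled APK sources for the pattern just described (a WebView that loads a third-party login page, runs script inside it, and then reads its cookie jar) is a simple indicator scan. This is an added example, not code from the article or from Dr. Web: the indicator regexes, the host list, the verdict rules and the three sample source snippets are all constructed here for illustration, and the Android API names matched (WebView, evaluateJavascript, addJavascriptInterface, CookieManager.getCookie) are the real ones.

```python
"""Triage heuristic over decompiled Android (Java/Kotlin) source files.

Added example for illustration; the indicators and samples are constructed.
"""
import re
from typing import Dict, Set

# Hosts whose login pages an app has no business scripting.
# Constructed list: the article names only Facebook.
LOGIN_HOSTS = ("facebook.com",)

INDICATORS = {
    # Embedded browser component.
    "webview": re.compile(r"\bWebView\b"),
    # Script run in the page's own context, where it can read any form field.
    "js_injection": re.compile(
        r"evaluateJavascript\(|loadUrl\(\s*\"javascript:|addJavascriptInterface\("
    ),
    # Reads the WebView cookie jar, where the session cookie lands after login.
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\.getCookie\("),
}

# A URL on one of LOGIN_HOSTS whose path mentions "login".
LOGIN_URL = re.compile(
    r"https?://(?:[\w-]+\.)*("
    + "|".join(re.escape(h) for h in LOGIN_HOSTS)
    + r")/[^\"'\s]*login",
    re.IGNORECASE,
)


def scan_source(text: str) -> Set[str]:
    """Return the names of all indicators present in one source file."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(text)}
    if LOGIN_URL.search(text):
        hits.add("login_url")
    return hits


def assess(hits: Set[str]) -> str:
    """Map indicator hits to a verdict.

    suspicious: a third-party login URL is loaded AND the app scripts the page
                or reads its cookie jar (the combination described above).
    review:     a login URL in a WebView with no scripting; may be a clumsy but
                honest login flow, worth a manual look.
    benign:     nothing of note.
    """
    if "login_url" in hits and hits & {"js_injection", "cookie_read"}:
        return "suspicious"
    if "login_url" in hits and "webview" in hits:
        return "review"
    return "benign"


def triage(sources: Dict[str, str]) -> Dict[str, dict]:
    """Scan every file and attach sorted hits plus a verdict."""
    report = {}
    for name, text in sources.items():
        hits = scan_source(text)
        report[name] = {"hits": sorted(hits), "verdict": assess(hits)}
    return report


# Constructed sample sources standing in for decompiler output.
SAMPLE_SOURCES = {
    # A WebView showing the vendor's own help page: JS on, nothing injected,
    # no login page involved.
    "HelpActivity.java": """
        WebView help = findViewById(R.id.help);
        help.getSettings().setJavaScriptEnabled(true);
        help.loadUrl("https://help.example-vendor.invalid/faq");
    """,
    # The shape the article describes: the real login page is loaded, a script
    # is run inside it once loaded, and the cookie jar is read afterwards.
    "LoginActivity.java": """
        WebView web = findViewById(R.id.login);
        web.getSettings().setJavaScriptEnabled(true);
        web.setWebViewClient(new WebViewClient() {
            @Override public void onPageFinished(WebView v, String url) {
                v.evaluateJavascript(script, null);
                String cookies = CookieManager.getInstance().getCookie(url);
                report(cookies);
            }
        });
        web.loadUrl("https://m.facebook.com/login.php");
    """,
    # A cookie read against the app's own backend: no third-party login URL.
    "SessionSync.java": """
        String c = CookieManager.getInstance().getCookie("https://api.example-vendor.invalid/");
    """,
}

if __name__ == "__main__":
    for fname, result in triage(SAMPLE_SOURCES).items():
        print(f"{fname:22} {result['verdict']:10} {', '.join(result['hits'])}")
```

The scan is deliberately coarse: it only flags the co-occurrence of a third-party login URL with page scripting or cookie access, so a file that merely embeds a WebView (the help page above) stays benign, while the login activity that matches the article's description is flagged for analysis of what the injected script actually does.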
Although these apps targeted Facebook accounts, the same technique could have been turned on other platforms. According to the experts, the attackers could easily have changed the Trojans’ settings so that they loaded the website of another reputable service. “They may have even used a phishing site’s fully fake login form. As a result, the trojans might have stolen logins and passwords from any service.”
Google has not yet issued a public statement on the apps. According to Ars Technica, the apps have been removed from the Play store, and a Google spokeswoman said their developers have also been banned.