
Popular Google Play Apps Found to be Stealing Facebook Passwords

Updated: 11th Oct 2022, 17:33 IST

Nine Android apps, including one with millions of users, were found to be stealing users’ Facebook Inc. login credentials, including passwords. Google LLC has removed all of them from the Play Store. The apps, labeled “thieving Trojans,” were discovered and disclosed on July 1 by malware specialists at Dr. Web.

They were distributed as harmless software and had approximately 6 million installs. Unlike earlier cases of malicious Android apps, the apps in this case all offered legitimate services such as photo editing and frames, fitness and training, horoscopes, and junk file cleanup.


List of Removed Apps

  • PIP Photo, with up to 5 million installs
  • Photo processing, with up to 500,000 installations
  • Waste Cleaner, Daily Horoscope, and Inwell Fitness, with up to 100,000 installations
  • App Lock Keep, with up to 50,000 installations
  • Lockit Master, Horoscope Pi, and App Lock Manager


How did These Apps Steal Facebook Passwords

When app users selected the login option, they saw a typical Facebook login screen, but with one difference: the genuine Facebook login page was displayed in a WebView, and JavaScript was loaded into it to intercept the entered login credentials.

When users entered their Facebook login credentials, the JavaScript transferred them to the attacker’s command-and-control server. The users were completely unaware of this, as they had successfully logged into Facebook. The Trojan also stole cookies from the current authorization session once the victims had logged into their accounts.
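A static triage check for the pattern described above, as an added example that is not from the article or from Dr. Web: it scans decompiled app source for a WebView that loads a third-party page while the app can also run its own script in it. The method names are real Android APIs; the rule that combines them, the sample snippets and the `example-app.test` domain are assumptions constructed for illustration.

```python
import re

# Real Android WebView/CookieManager method names; the rule combining them is an assumption.
SIGNALS = {
    "js_enabled": re.compile(r'\.setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'\.addJavascriptInterface\('),
    "script_injection": re.compile(r'\.evaluateJavascript\(|\.loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'\.getCookie\('),
}
REMOTE_LOAD = re.compile(r'\.loadUrl\(\s*"https?://([^/"]+)')


def triage(source, own_domains):
    """Return (suspicious, signals, third_party_hosts) for one decompiled source file."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(source)}
    hosts = {h.lower() for h in REMOTE_LOAD.findall(source)}
    third_party = {h for h in hosts
                   if not any(h == d or h.endswith("." + d) for d in own_domains)}
    # Flag only the combination the article describes: someone else's page is
    # rendered in the app's WebView AND the app can run its own script in it.
    can_script = "js_enabled" in hits and bool(hits & {"js_bridge", "script_injection"})
    return bool(third_party) and can_script, sorted(hits), sorted(third_party)


# Constructed samples (not taken from any of the removed apps).
SUSPECT = '''
WebView w = findViewById(R.id.login);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://m.facebook.com/login.php");
w.evaluateJavascript(script, null);
String c = CookieManager.getInstance().getCookie(url);
'''
BENIGN = '''
WebView w = findViewById(R.id.help);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://help.example-app.test/faq");
'''

if __name__ == "__main__":
    for name, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(src, own_domains={"example-app.test"}))
```

A hit is a lead for manual review rather than a verdict, since the check only sees string literals and method names in the decompiled source.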



Although the apps targeted Facebook accounts, they could have targeted accounts on other platforms as well. According to the experts, the attackers could easily have modified the trojans’ settings and prompted them to load the website of another reputable service. “They may have even used a phishing site’s fully fake login form. As a result, the trojans might have stolen logins and passwords from any service.”

Google has yet to provide a public statement regarding the apps. The Google Play Store has removed the apps, according to Ars Technica. The developers of the apps have also been banned, according to a Google spokeswoman.


