Beware of 9 apps “accused” of stealing Facebook passwords

Security on the Google Play Store is in the spotlight once again after 9 Android apps with millions of downloads were found to secretly steal users’ Facebook passwords.

Privacy, user data and data-collecting apps have been hot topics lately, and another such incident has just come to light.

Security researchers have recently discovered 9 Android applications containing malicious code that helps hackers steal users’ Facebook passwords.

According to Dr. Web, a Russian company specializing in IT security solutions, the Android applications were disguised as legitimate apps. Some of them offered basic photo editing or screen customization features as camouflage.

Few would have expected that these applications were built to steal users’ Facebook passwords. Google was notified, and the apps have now been removed from the Google Play Store.

A Google spokesperson said the company has banned the developers of the nine apps from submitting new apps. That is the right move, but it is only a small hurdle: the developers only need to register a new developer account under a different name, for a fee of 25 USD.

One common password-stealing tactic of these applications is to lure users into logging in to their Facebook accounts to “remove ads”. The users themselves thus hand their Facebook account and password to the bad guys without even knowing it.

The apps may have passed the Google Play Store review process because they behave like ordinary ad-filled apps. They show the legitimate Facebook login page in a WebView, but with extra JavaScript that intercepts the user’s credentials.

Describing the scams of these apps, Dr.Web explains:

“These trojans use a special mechanism to trick the victim. After receiving the necessary settings from one of the C&C servers, the bad guy will download the legitimate Facebook website with the address https://www. to the WebView. Next, they load the JavaScript received from the C&C server into the same WebView, which is used directly to hijack the user’s login information.

The JavaScript then uses special methods to pass the stolen logins and passwords to the trojan apps, which in turn pass the data to the attacker’s C&C server. After the victim logged into their account, the trojan also stole cookies from the current authorized session. And then that cookie will also be sent to cybercriminals.”
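A static triage heuristic for the pattern Dr.Web describes, as an added example that is not from Dr.Web or the original article: it scans decompiled Java source for a WebView that loads a third-party login page together with a JavaScript bridge, script injection and session-cookie reads. The Android API calls it matches, the `triage` function, the scoring and the sample snippets are assumptions constructed for illustration.

```python
import re

# Indicators for the behaviour Dr.Web describes, expressed as standard Android
# WebView API calls (assumption: the article does not name the exact calls).
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\('),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'CookieManager\b[^;]*\.getCookie\s*\('),
}
LOAD_URL = re.compile(r'loadUrl\(\s*"https?://([^/"]+)')
WATCHED_HOSTS = ("facebook.com",)  # third-party login sites the app does not own


def triage(source, watched=WATCHED_HOSTS):
    """Return (verdict, hits) for one decompiled Java source string."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    hosts = [h.lower() for h in LOAD_URL.findall(source)]
    # Exact or subdomain match only, so lookalike hosts are not counted.
    if any(h == w or h.endswith("." + w) for h in hosts for w in watched):
        hits.add("third_party_login")
    # Embedding someone else's login page is the precondition; a bridge plus
    # script injection on that same page is what allows credential capture.
    core = {"third_party_login", "js_bridge", "js_injection"}
    if core <= hits:
        verdict = "high" if "cookie_read" in hits else "medium"
    elif "third_party_login" in hits and hits & {"js_bridge", "js_injection"}:
        verdict = "review"
    else:
        verdict = "low"
    return verdict, sorted(hits)


# Constructed samples (not taken from any of the listed apps).
SUSPECT = '''
WebSettings s = view.getSettings(); s.setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("https://www.facebook.com/login");
view.evaluateJavascript(scriptFromServer, null);
String c = CookieManager.getInstance().getCookie(url);
'''
BENIGN = '''
view.getSettings().setJavaScriptEnabled(true);
view.loadUrl("https://help.example.com/faq");
'''

if __name__ == "__main__":
    for name, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, *triage(src))
```

A "high" or "medium" verdict is a prompt for manual review of the app, not proof of malice, since the script may arrive from a server only at run time.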

If you’ve ever downloaded any of the 9 apps below, change your Facebook password immediately. Also change the password on every other account that uses the same password as your Facebook account.

– PIP Photo: more than 5.8 million downloads

– Processing Photo: more than 500,000 downloads

– Rubbish Cleaner: more than 100,000 downloads

– Inwell Fitness: more than 100,000 downloads

– Horoscope Daily: more than 100,000 downloads

– App Lock Keep: more than 50,000 downloads

– Lockit Master: more than 5,000 downloads

– Horoscope Pi: 1,000 downloads

– App Lock Manager: 10 downloads
