Android apps with over 5.8 million downloads caught stealing users’ Facebook passwords
- Most of these trojan apps offered photo editing and app lock features.
- These apps asked users to sign in with Facebook to unlock features and disable in-app advertisements.
- If you used these apps and logged in with your Facebook account, you may want to change your passwords now.
Google has been emphasising its work on improving Android security with various measures over the past few years, but there’s still a lot left to be done. A new research report has revealed that
Security firm Doctor Web has published a report that identifies these 9 trojan apps, which offered photo editing and app lock features. All these apps were found on the Google Play store, amassing nearly 6 million downloads between them.
The report goes on to add that Google had only removed some of these apps from the Play store, as of July 1, 2021, when the report went live.
PIP Photo app was the most downloaded among these apps, with 5 million downloads of its own.
How did these apps steal Facebook passwords?
All the apps mentioned in the report offered real features, which led unsuspecting users to trust them. They even allowed users to unlock more features and disable in-app advertisements by logging into their Facebook accounts.
These apps exploited the widespread use of Google and Facebook login – something that is offered by many apps and games – to steal passwords of unsuspecting users.
The research firm describes the exploit mechanism below:
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView.
After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”
Here are the trojan apps mentioned in the report
If you have any of these apps installed on your phone, you may want to uninstall them:
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Horoscope Daily
- App Lock Keep
- Lockit Master
- Horoscope Pi
- App Lock Manager
- Inwell Fitness
In case you downloaded these apps and used the Facebook login option, it is recommended that you unauthorize these apps from your Facebook account and change your password.