Android apps with over 5.8 million downloads caught stealing users’ Facebook passwords
- Most of these trojan apps offered photo editing and app lock features.
- These apps asked users to sign in with Facebook to unlock features and disable in-app advertisements.
- If you used these apps and logged in with your Facebook account, you may want to change your passwords now.
Google has been emphasising its work on improving Android security with various measures over the past few years, but there’s still a lot left to be done. A new research report has revealed that
Security firm Doctor Web has published a report that identifies 9 trojan apps that offered photo editing and app lock features. All of these apps were found on the Google Play store, amassing nearly 6 million downloads between them.
The report goes on to add that Google had only removed some of these apps from the Play store, as of July 1, 2021, when the report went live.
PIP Photo app was the most downloaded among these apps, with 5 million downloads of its own.
How did these apps steal Facebook passwords?
All the apps mentioned in the report offered real features, causing the unsuspecting users to trust them. They even allowed users to unlock more features and disable in-app advertisements by logging into their Facebook accounts.
These apps exploited the widespread use of Google and Facebook login – something that is offered by many apps and games – to steal passwords of unsuspecting users.
The research firm describes the exploit mechanism below:
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView.
After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”
Here are the trojan apps mentioned in the report
If you have any of these apps installed on your phone, you may want to uninstall them:
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Horoscope Daily
- App Lock Keep
- Lockit Master
- Horoscope Pi
- App Lock Manager
- Inwell Fitness
In case you downloaded these apps and used the Facebook login option, it is recommended that you unauthorize these apps from your Facebook account and change your password.