These nine Android apps may have stolen your Facebook password

Illustration from the article titled These Nine Android Apps May Have Stolen Your Facebook Login Information

Photo: Lionel bonaventure (Getty Images)

Google launched nine Android apps with more than 5.8 million combined downloads on its Play Store after researchers discovered they contained malicious code used to steal users’ Facebook login credentials, according to the Russian software company. anti-virus. Dr Web.

As reported by Ars Technica, these Trojan horse apps were designed to look and function like legitimate services for editing photos, exercising, cleaning up storage space on your device, and providing daily horoscopes, analysts say. malware from Dr. Web said in a publication this week. In reality, it was all complex to trick users into sharing their Facebook usernames and passwords.

Here’s how the diet worked: Each offered users the possibility of unlock all application functions and Get rid of in-app ads by logging into their Facebook accounts, which probably wouldn’t raise too many eyebrows as many mobile services allow you to sync your social media accounts. By choosing this option, the applications would then load a legitimate Facebook login page containing fields for entering usernames and passwords. Regardless of the users entered into these forms, they would be taken directly to a computer controlled by the hackers, called a command and control server, via cleverly concealed malicious code, the researchers at Dr Web wrote:

These Trojans used a special mechanism to deceive their victims. After receiving the necessary settings from one of the C&C servers during launch, they loaded the legitimate Facebook webpage. in WebView. Then they loaded the JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the login credentials entered. After that, this JavaScript, using the methods provided via the JavascriptInterface annotation, passed the stolen login and password to the Trojan applications, which then forwarded the data to the attackers’ C&C server. Once the victim logged into their account, the Trojans also stole the cookies from the current authorization session. These cookies were also sent to cybercriminals.

Analysts have discovered a total of 10 malicious Trojan applications, nine of which were previously available on the Google Play Store. By far, two applications posing as photo editing services accounted for the most downloads: PIP Photo with over 5 million installs and Processing Photo with over 500,000. Three other applications recorded over 100,000 downloads each.

If you’ve downloaded any of the apps listed below, you should consider updating your Facebook login information immediately and checking your other online accounts for any fraudulent activity:

  • Photo processing
  • PIP photo
  • Garbage Cleaner
  • App Lock Keep
  • Application lock manager
  • Master Lockit
  • Horoscope Pi
  • Daily horoscope
  • Inwell Fitness

Analysts identified five variants of malware hidden in these apps: Android.PWS.Facebook.13, Android.PWS.Facebook.14 and Android.PWS.Facebook.15, which are native to Android apps, and Android.PWS.Facebook. 17 and Android.PWS.Facebook.18, which uses Google’s Flutter framework designed for cross-platform compatibility. Since they all use almost identical methods, codes and file formats to steal user data, Dr. Web classifies all five of them as the same Trojan horse.

These nine apps no longer appear in Play Store search results. A Google spokesperson told Ars Technica that the developers behind these apps have also been banned, barring them from submitting new apps.

Comments are closed.