Users should be wary of these 9 apps.
The security of the Google Play Store is in question once again after 9 Android apps with millions of downloads were found to secretly steal users’ Facebook passwords.
Privacy, user data and data-collecting apps have been hot topics lately, and this is another such incident.
Security researchers have recently discovered nine malicious Android apps that are helping hackers steal users’ Facebook passwords.
According to Dr. Web, a Russian company specializing in IT security solutions, the Android applications were disguised as legitimate applications. Some of the disguised applications provide basic photo editing or screen customization features.
But few would have expected that these applications were created to steal users’ Facebook passwords. Google was informed of this, and the apps have now been removed from the Google Play Store.
A Google spokesperson said the company has banned developers of the nine apps from submitting new apps. That’s the right thing for Google to do. However, it is only a small hurdle as developers only need to register a new developer account with a different name for a fee of 25 USD.
One of the common password-stealing tactics of these applications is to lure users into logging into their Facebook accounts to “remove ads”. Users thereby hand their Facebook account and password to the attackers without even knowing it.
The apps may have passed the Google Play Store review process because they behave like ordinary ad-filled apps. They show the legitimate Facebook login page in a WebView, but with extra JavaScript added to intercept the user's credentials.
Describing the scams of these apps, Dr.Web explains:
“These trojans use a special mechanism to trick victims. After receiving the necessary settings from one of the C&C servers, the bad guy will upload the legitimate Facebook website with the address https://www.facebook.com/login.php onto the WebView. Next, they load the JavaScript received from the C&C server into the same WebView. This script is used directly to hijack user credentials.
The JavaScript then uses special methods to pass the stolen logins and passwords to the trojan apps, which in turn pass the data to the attacker’s C&C server. After the victim logged into their account, the trojan also stole cookies from the current authorized session. And then that cookie will also be sent to cybercriminals.”
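The flow Dr.Web describes leaves a recognizable combination of WebView API calls in an app's code. As an added example (not from Dr.Web or the original article), the Python script below triages decompiled Java sources for files where those calls occur together; the file names and sample sources are constructed, and it assumes the login URL appears as a string literal in the code.

```python
import re

# Android WebView/CookieManager calls that together match the described flow.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "login_page": re.compile(r'loadUrl\(\s*"https?://[^"]*login[^"]*"'),
    "js_bridge": re.compile(r'addJavascriptInterface\('),
    "script_injection": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'CookieManager\b[^;]*\.getCookie\('),
}
# Third-party login page + script pushed into it + JS-to-Java bridge.
CORE = {"login_page", "script_injection", "js_bridge"}


def triage(sources):
    """Return {file name: (verdict, sorted indicator names)}."""
    report = {}
    for name, text in sources.items():
        hits = {key for key, rx in INDICATORS.items() if rx.search(text)}
        if CORE <= hits:
            # Reading session cookies as well matches the full described flow.
            verdict = "high" if "cookie_read" in hits else "review"
        else:
            verdict = "none"
        report[name] = (verdict, sorted(hits))
    return report


# Constructed sample input: file names and contents are made up for this example.
SAMPLE_SOURCES = {
    "HelpActivity.java": """
        view.getSettings().setJavaScriptEnabled(true);
        view.loadUrl("https://example.com/help");
    """,
    "PromoActivity.java": """
        view.getSettings().setJavaScriptEnabled(true);
        view.addJavascriptInterface(new Bridge(), "bridge");
        view.loadUrl("https://www.facebook.com/login.php");
        view.evaluateJavascript(remoteScript, null);
        String c = CookieManager.getInstance().getCookie(pageUrl);
    """,
}

if __name__ == "__main__":
    for name, (verdict, hits) in triage(SAMPLE_SOURCES).items():
        print(f"{name}: {verdict} {hits}")
```

A hit is a prompt for manual review, not a verdict: legitimate apps that embed a web login can match, and an app that only receives the URL at run time will not.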
So if you’ve ever downloaded any of the 9 apps below, change your Facebook password immediately. Furthermore, change the password on every other account that uses the same password as your Facebook account.
– PIP Photo: more than 5.8 million downloads
– Processing Photo: more than 500,000 downloads
– Rubbish Cleaner: more than 100,000 downloads
– Inwell Fitness: more than 100,000 downloads
– Horoscope Daily: more than 100,000 downloads
– App Lock Keep: more than 50,000 downloads
– Lockit Master: more than 5,000 downloads
– Horoscope Pi: 1,000 downloads
– App Lock Manager: 10 downloads
Source link: Beware of 9 “accused” apps for stealing Facebook passwords
– Emergenceingames.com