These 9 Android Apps Could Have Stolen Your Facebook Login Details

Shariq TahirWeb Editor

05th Jul, 2021. 12:43 pm
These 9 Android Apps Could Have Stolen Your Facebook Login Details

Nine trojan apps with an approx of 5.8 million downloads have been removed from Google’s Play Store.

According to the Russian anti-virus software firm Dr. Web, Google has removed nine Android apps with a total of more than 5.8 million downloads from its Play Store after researchers discovered they contained malicious code designed to steal users’ Facebook login credentials.

According to Ars Technica, these trojan apps were built to seem and behave like legitimate services for photo editing, exercising, freeing up storage space on your smartphone, and offering daily horoscopes, according to Dr. Web’s malware analysts in a post this week. In actuality, this was all a scam to trick users into disclosing their Facebook identities and passwords.

Here’s how the plan worked: Each offered users the option to unlock all of the apps’ capabilities and remove in-app advertisements by signing into their Facebook accounts, which is unlikely to raise many questions given that many mobile services allow you to sync your social network accounts.

When you select this option, the applications will load a real Facebook login page with fields for entering usernames and passwords. Dr. Web experts noted that everything users typed into these forms would be sent directly to a computer-controlled by the hackers, known as a command-and-control server, via some cleverly concealed malicious code.

If you downloaded any of the following apps, you should immediately update your Facebook login details and check your other online accounts for fraudulent activity:

  • Processing Photo
  • PIP Photo
  • Rubbish Cleaner
  • App Lock Keep
  • App Lock Manager
  • Lockit Master
  • Horoscope Pi
  • Horoscope Daily
  • Inwell Fitness

Analysts discovered five malware variants hidden within these apps: Android.PWS.Facebook.13, Android.PWS.Facebook.14, and Android.PWS.Facebook.15, which are native to Android apps, and Android.PWS.Facebook.17 and Android.PWS.Facebook.18, which uses Google’s Flutter framework for cross-platform compatibility.

Dr. Web defines all five as the same trojan since they employ essentially identical methods, codes, and file formats to steal user data.

All nine of these apps have removed from the Play Store search results. According to a Google spokesperson, the developers behind these apps have also been banned, preventing them from submitting new apps.

Adsense 300 x 250