Android apps caught stealing users’ Facebook login details

Android apps caught stealing users’ Facebook login details

Nine Android apps that have been downloaded more than 5.8 million times from Google’s Play Store were discovered to have been stealing users’ Facebook login details.

The apps appeared to be photo-editing, fitness, and astrology-related applications and offered real in-app features which caused victims to trust them. Users fell victim to these apps under the rouse that they would be able to disable in-app advertisements and unlock more features by logging into their Facebook accounts. These apps would then hijack the entered login details using a piece of JavaScript code received from an adversary-controlled server.

Security firm Doctor Web published a report that identifies these 9 trojan apps, and Google has since removed them from the Play Store. Google has also banned the developers of these apps, which means they are unable to submit any new apps.

“The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts,” researchers from Dr. Web stated. “The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions.”

Here is the list of malicious apps mentioned in the report:

  • PIP Photo (>5,000,000 installs)
  • Processing Photo (>500,000 installs)
  • Rubbish Cleaner (>100,000 installs)
  • Horoscope Daily (>100,000 installs)
  • Inwell Fitness (>100,000 installs)
  • App Lock Keep (50,000 installs)
  • Lockit Master (5,000 installs)
  • Horoscope Pi (>1,000 installs)
  • App Lock Manager (10 installs)

If you have any of these applications installed on your phone, it is advisable to uninstall them and change your Facebook login details.

Although this campaign specifically targeted Facebook accounts, Dr. Web researchers have warned that this attack could have been easily expanded to load the login page of any legitimate web platform to steal login details from a variety of services.

Copyright Lyonsdown Limited 2021

Top Articles

Is your security in need of an update this Cybersecurity Awareness month?

Cyber security experts tell teiss about the evolving threat landscape and how organisations can bolster their cyber security defenses

A new case for end-to-end encryption

How a hacker group got hold of calling records and text messages deploying highly sophisticated tools that show signs of originating in China

Telcos in Europe put muscle behind firewalls as SMS grows

Messaging is set to be one of the biggest traffic sources for telcos worldwide prompting them to protect loss of revenue to Grey Route practices 

Related Articles

[s2Member-Login login_redirect=”” /]¬†