These Android apps could have stolen your Facebook password

Google pulled nine Android apps with a total of over 5.8 million downloads from the Play Store. Researchers have found that these apps can steal their users' Facebook credentials.

The security experts at Dr. Web identified nine Android apps that at first glance provided useful services, but in the end were only interested in stealing their users' Facebook access data. To increase users' confidence and lower their vigilance, the applications implemented fully functional photo editing, fitness, horoscope and junk file removal services.

The attackers stole Facebook data

All selected apps offered users the option to opt out of in-app ads by logging into their Facebook account. Users who chose this option were presented with a real Facebook login form with fields for entering usernames and passwords.

What was particularly insidious was that the login page was in fact the original Facebook page, loaded in a WebView. To access user data, the attackers loaded their own JavaScript into the same WebView. This script's only task was to capture the entered data and send it to the attackers. After a successful login to Facebook, the JavaScript also stole the cookies of the current authorization session. These cookies were also sent to the cybercriminals.

Malware analysis by Dr. Web revealed that the apps were limited to stealing logins and passwords for Facebook accounts. However, the attackers could easily have changed the apps' settings and instructed them to load another service's website. According to Dr. Web, it was even possible to use a completely fake registration form located on a phishing site. The applications could therefore be used to steal logins and passwords from any service.
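A triage heuristic for the pattern described above, as an added example that is not from Dr. Web or the original article: it scans decompiled app source for a WebView that loads a remote page, has script injected into it, and reads session cookies. The indicator names, the scoring rule and both sample snippets are assumptions constructed for illustration.

```python
import re

# Android API usage that, in combination, matches the behaviour described above.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\s*\(\s*true\s*\)'),
    "remote_page": re.compile(r'loadUrl\s*\(\s*"https?://'),
    "script_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\('),
    "cookie_read": re.compile(r'CookieManager\b[^;]*\.getCookie\s*\('),
}

def find_indicators(source: str) -> set:
    """Return the names of all indicators present in one source file."""
    return {name for name, rx in INDICATORS.items() if rx.search(source)}

def is_suspicious(source: str) -> bool:
    """Flag a remote page in a script-enabled WebView that is also instrumented.

    Assumed rule: a single indicator is normal app behaviour; the combination
    of remote content with input capture or cookie access needs manual review.
    """
    hits = find_indicators(source)
    loads_remote = {"js_enabled", "remote_page"} <= hits
    captures_input = {"script_injection", "js_bridge"} <= hits
    return loads_remote and (captures_input or "cookie_read" in hits)

# Constructed sample: the API calls of an instrumented login WebView.
SUSPICIOUS_SAMPLE = '''
WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("https://www.facebook.com/login.php");
view.evaluateJavascript(scriptFromServer, null);
String session = CookieManager.getInstance().getCookie(url);
'''

# Constructed sample: an ordinary help page shown in a WebView.
BENIGN_SAMPLE = '''
WebView help = new WebView(this);
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    for name, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, sorted(find_indicators(src)), is_suspicious(src))
```

Because the page URL could be swapped through the apps' settings, the heuristic keys on the instrumentation of the WebView rather than on the Facebook domain; a URL loaded from a variable instead of a string literal is not matched by `remote_page`.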

9 Apps Have 5 Different Kinds Of Malware, But One Purpose

In the nine Android apps, Dr. Web experts found five different types of malware. Three of them were native Android apps, while the other two used Google's Flutter framework. Despite their technical differences, Dr. Web rated them all as having the same behaviour.

The most successful Trojan application is called PIP Photo. It alone has been downloaded more than five million times. Another photo editing app called Image Processing follows in second place with over 500,000 downloads. Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoskop Pi, and App Lock Manager were also affected, with about 100,000 downloads and below.

Google removes apps and bans developers

Meanwhile, Google has not only removed all these apps from the Play Store but has also deleted the developer accounts of their authors. In theory, they can therefore no longer offer new applications. On the other hand, the barriers to creating new accounts are very low: cybercriminals can simply create a new developer account under a different name for a one-time fee of $25.

If you have used one of the apps mentioned, you should now check whether there are any signs of unauthorized access to your Facebook account. In any case, it does not hurt to change the account password. It also makes more and more sense to choose a malware scanner and install the corresponding application on your own device.
