Nine Android apps were removed from Google Play after hackers found they stole Facebook login credentials from users. The apps had been downloaded over 5.8 million times. One of them had over five million downloads!
Researchers from Dr. Web said:
“The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts. The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions.”
The list of apps is as follows:
- PIP Photo (>5,000,000 installs)
- Processing Photo (>500,000 installs)
- Rubbish Cleaner (>100,000 installs)
- Horoscope Daily (>100,000 installs)
- Inwell Fitness (>100,000 installs)
- App Lock Keep (50,000 installs)
- Lockit Master (5,000 installs)
- Horoscope Pi (>1,000 installs)
- App Lock Manager (10 installs)
In the last link of the attack, the trojanized application was used to exfiltrate the stolen information to the server.
Even though this particular campaign seemed to focus on Facebook accounts, Dr. Web researchers cautioned that the attack could easily have been adapted to load the legitimate login page of any web platform and thereby steal logins and passwords for various services.
Google’s initiative to eliminate Facebook password scams
Google released this disclosure just days after it announced new measures for the Play Store, including the requirement for developers to activate 2-Step Verification (Tokens), provide an address, and verify their contact details as part of its ongoing effort to combat scams and fraudulent developer accounts.
Even with the recent development, users should remember that they are better served by installing apps from known and trusted developers, watching out for permission requests, and reading other users' reviews before installing any app.