Google has removed 9 apps due to them containing malicious code that steals users’ Facebook usernames and passwords. In total, the apps have clocked more than 5.8 million downloads.
Here’a a list of all the apps, with their respective download counts:
- PIP Photo (5,000,000+ downloads)
- Processing Photo (500,000+ downloads)
- Rubbish Cleaner (100,000+ downloads)
- Inwell Fitness (100,000+ downloads)
- Horoscope Daily (100,000+ downloads)
- App Lock Keep (50,000+ downloads)
- Lockit Master (5,000+ downloads)
- Horoscope Pi (1,000+ downloads)
- App Lock Manager (10 downloads)
Google has since removed these apps from the Play Store and banned the developers from ever submitting another application (although the hackers can simply pay a small fee for another developer account and submit more malware).
Here’s how it worked: These apps look innocent on the surface. They function just like regular photo editing, horoscope, or device cleaning apps, but some functions are locked. To unlock all of the functions, the user must log into their Facebook account. The app then takes your username and password, and sends it to cybercriminals.
As explained by security firm Dr. Web, the scheme uses a special mechanism that uses a ‘command-and-control’ server. The credentials entered by the user get automatically sent to this C&C server, where they use JavaScript to get the data from the actual Facebook login page. They also collect cookies from the same session.
There have been 5 malware variants identified within the apps:
- Android.PWS.Facebook.13
- Android.PWS.Facebook.14
- Android.PWS.Facebook.15
- Android.PWS.Facebook.17
- Android.PWS.Facebook.18
Dr. Web says that are all the same trojan.
If you think you have downloaded one of these apps, consider changing your Facebook password. If you tend to use the same password for multiple websites and services, I highly recommend getting a password manager and changing all your passwords to be distinct and randomly generated. This way, if a hacker gets to one of your accounts, they won’t be able to use that information for anything else. Lastly, enabling two-factor authorization whenever possible can greatly boost the security of your online accounts.
[ SOURCE ]
