Categories: Digital LifeTech

These Android apps might have stolen your Facebook password

Google has removed 9 apps due to them containing malicious code that steals users’ Facebook usernames and passwords. In total, the apps have clocked more than 5.8 million downloads.

Here’a a list of all the apps, with their respective download counts:

  • PIP Photo (5,000,000+ downloads)
  • Processing Photo (500,000+ downloads)
  • Rubbish Cleaner (100,000+ downloads)
  • Inwell Fitness (100,000+ downloads)
  • Horoscope Daily (100,000+ downloads)
  • App Lock Keep (50,000+ downloads)
  • Lockit Master (5,000+ downloads)
  • Horoscope Pi (1,000+ downloads)
  • App Lock Manager (10 downloads)

Google has since removed these apps from the Play Store and banned the developers from ever submitting another application (although the hackers can simply pay a small fee for another developer account and submit more malware).

Here’s how it worked: These apps look innocent on the surface. They function just like regular photo editing, horoscope, or device cleaning apps, but some functions are locked. To unlock all of the functions, the user must log into their Facebook account. The app then takes your username and password, and sends it to cybercriminals.

As explained by security firm Dr. Web, the scheme uses a special mechanism that uses a ‘command-and-control’ server. The credentials entered by the user get automatically sent to this C&C server, where they use JavaScript to get the data from the actual Facebook login page. They also collect cookies from the same session.

There have been 5 malware variants identified within the apps:

  • Android.PWS.Facebook.13
  • Android.PWS.Facebook.14
  • Android.PWS.Facebook.15
  • Android.PWS.Facebook.17
  • Android.PWS.Facebook.18

Dr. Web says that are all the same trojan.

If you think you have downloaded one of these apps, consider changing your Facebook password. If you tend to use the same password for multiple websites and services, I highly recommend getting a password manager and changing all your passwords to be distinct and randomly generated. This way, if a hacker gets to one of your accounts, they won’t be able to use that information for anything else. Lastly, enabling two-factor authorization whenever possible can greatly boost the security of your online accounts.

[ SOURCE ]

Recent Posts

Gentari: Beware of 3rd party EV charging promotions

Gentari has released a statement to address the recent discounted Gentari Go EV charging service…

11 hours ago

Xiaomi TV Stick 4K Second Gen: Google TV on a stick, priced at RM219

Want to convert almost any TV with an HDMI port into a Google TV? Xiaomi…

2 days ago

Sony WF-1000XM6: 25% better noise cancelling and improved Bluetooth connectivity, pre-order now for RM1,249

Sony has introduced the Sony WF-1000XM6 in Malaysia, its latest flagship truly wireless earbuds under…

2 days ago

GWM Wey G9 PHEV: The latest Alphard fighter in Malaysia, locally assembled in Melaka

More than a year after it was first previewed at the KL International Mobility Show…

2 days ago

Google Pixel 10a coming to Malaysia on 5 March: Priced from RM2,299

Google has officially announced its latest smartphone, the Pixel 10a. The new model joined other…

2 days ago

Gentari turns on 200kW DC Charger at Petronas Penchala Link (Damansara Bound)

Ahead of the Chinese New Year holiday, Gentari has upgraded its existing EV charging station…

5 days ago

This website uses cookies.