Google has identified and removed 9 Android apps, which together have been downloaded more than 5.8 million times, from the Play Store. During a security check, the apps were caught secretly stealing users’ Facebook credentials. This was reported by various online magazines, including Ars Technica. The fraudulent apps were discovered by a security team at Dr. Web antivirus.
“The applications were fully functional, which should weaken the vigilance of the potential victims. In order to access all functions of the apps and supposedly also to deactivate in-app advertising, users were asked to log into their Facebook account,” according to the security researchers at Dr. Web. “The advertising within some of the apps was actually there, and this maneuver was supposed to get Android device owners to take the requested actions.”
The apps masked their malicious intent by disguising themselves as photo editing, tweaking, fitness, and astrology programs, with the sole aim of getting victims to log into their Facebook accounts. The login details entered were then hijacked using JavaScript code and sent, using a Trojan, to a server controlled by the fraudsters. It is not yet known whether other information was also stolen in the process. After Dr. Web removes the apps.
The apps went unnoticed in the Google Play Store for months. To remove the apps permanently, users have to delete them manually. While this particular campaign targeted Facebook accounts, the Dr. Web researchers said this attack could easily be extended to load the login page of any legitimate web platform with the aim of stealing logins and passwords from a variety of services.