Tech News

Android apps steal Facebook passwords

Pinterest LinkedIn Tumblr

Google has intervened to remove nine Android apps that have been downloaded more than 5.8 million times from the company’s App Store after it stole users’ Facebook login data.

And theHe said Researchers from Dr. Web: The apps were fully functional, which should distract potential victims.

As a result, the apps required users to log into their Facebook account in order to access all functionality and disable in-app ads.

Read also: America accuses three people of stealing a billion emails

In-app ads were present, and the move was intended to further encourage Android device owners to take action.

In addition, the offensive apps hid their purpose by masquerading as photo editing, optimization, fitness, and astrology programs.

The apps tried to trick victims into logging into their Facebook accounts and steal data entered via a piece of JavaScript code.

The list of applications is as follows:

  • PIP Photo (5 million+ installs)
  • Processing Photo (more than 500,000 installs)
  • Rubbish Cleaner (100K installs)
  • Horoscope Daily (100K installs)
  • Inwell Fitness (more than 100,000 installs)
  • App Lock Keep (50K+ installs)
  • Lockit Master (more than 5 thousand installs)
  • Horoscope Pi (more than a thousand installs)
  • App Lock Manager (10 installs)

Android apps that steal passwords

The stolen information was transferred to the server using Trojan applications. And while it appears that this specific campaign has set its sights on Facebook accounts. The researchers warned Dr. Web from the possibility of extending the attack. By uploading the login page of any other platform on the web with the aim of stealing login information and passwords from a variety of services.

Read also: Qualcomm accuses Apple of stealing confidential information to help Intel

The latest disclosure comes days after Google announced new measures for the Android app store, including requiring developer accounts to turn on two-factor authentication, provide an address, and verify contact details as part of its ongoing efforts to combat fraud and fraudulent developer accounts.

Read also: Online spies targeted India and the Dalai Lama

This incident is a reminder that users should install apps from well-known and trusted developers. Moreover, you should pay attention to the permissions requested by the applications. In addition, pay attention to the reviews of other users before installation.

Read also: Asus steals the spotlight from Apple in the PC efficiency survey

Have an article/sponsored post to share? Whatsapp: +2348129656985.

Notify of
Inline Feedbacks
View all comments
Pin It