Image Source: Getty Images
Google has removed 9 Android apps from the Google Play Store for stealing users’ login credentials. The malware apps had over 5.8 million combined downloads and were sneakily stealing users’ Facebook login details. These trojans were discovered by analysts of security firm Dr.Web.
According to reports, the apps provided fully functioning services for photo editing, exercise and training, horoscopes, and removal of junk files from Android devices to gain users’ trust. The apps tricked users by loading a legitimate Facebook page. Next, they loaded JavaScript received from the Command and Control server into the same WebView to hijack the entered login credentials. After the victim logged into their account, the trojans also stole cookies from the current authorization session. There were five malware variants in the mix, but all of them used the same JavaScript code and configuration file formats to swipe information.
The malware apps had over 5.8 million combined downloads as they had catchy and easy-to-find titles.
The nine Android apps removed for stealing Facebook credentials were
- Processing Photo
- App Lock Keep
- Rubbish Cleaner
- Horoscope Daily
- Horoscope Pi
- App Lock Manager
- Lockit Master
- Inwell Fitness
- PiP Photo
It is crazy to think apps like this managed to slip through Google’s defenses and racked up downloads volume that high. Analysts of Doctor Web recommend all android users to install apps through the trusted developers. It’s always wise to not proceed any further if a suspicious app asks you to log in to your account.
Some recently launched smartphones:
- Poco F3 launched in Nepal | Price and Specifications
- OnePlus Nord CE 5G Price in Nepal | Specifications and Features
- Xiaomi Mi 11 launched in Nepal | Price and Specifications
- Poco X3 Pro launched in Nepal
- OnePlus 9 launched in Nepal | Price and Specifications
-original.webp)
-original.webp)
-original.webp)
-original.webp)
