Android apps caught stealing Facebook credentials

Stay alert, people.

As technology and innovation keep advancing, security has become a key factor in preventing cyber-attacks and data breaches.

Android is the most popular mobile OS in the world and is used by billions of users every day. Its popularity and usage make it a frequent target for hackers, and Google keeps working to tackle this ever-growing threat against Android.

Malware apps again?

Now Google has intervened once again to remove nine Android apps that were downloaded more than 5.8 million times from the Android Play Store.

These apps were caught red-handed stealing users’ Facebook login credentials.

Researchers from Dr.Web pointed out that:

"The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts."

The nine apps that were removed are as follows:

  • PIP Photo (>5,000,000 installs)
  • Processing Photo (>500,000 installs)
  • Rubbish Cleaner (>100,000 installs)
  • Horoscope Daily (>100,000 installs)
  • Inwell Fitness (>100,000 installs)
  • App Lock Keep (50,000 installs)
  • Lockit Master (5,000 installs)
  • Horoscope Pi (>1,000 installs)
  • App Lock Manager (10 installs)
Credential Stealing Apps

How do they steal FB credentials?

These credential-stealing apps, disguised as photo-editing, optimizer, fitness, and astrology apps, trick victims into logging into their Facebook accounts and hijack the entered credentials via a piece of JavaScript code received from an adversary-controlled server.

The Facebook login prompt appears when the victim is required to log in to unlock the full version or features of these apps.

While this specific stealing malware appears to have set its sights on Facebook accounts, Dr.Web researchers cautioned that this attack could have been easily expanded to load the login page of any legitimate web platform with the goal of stealing logins and passwords from a variety of services.
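
A static triage heuristic for the pattern described above, as an added example that is not from the original article or from Dr.Web. It assumes the login page is shown in an Android WebView (the article does not name the component) and scans decompiled source for a third-party login URL combined with run-time script access; the helper names and both sample snippets are constructed for illustration.

```python
import re

# Assumption: the login page is rendered in an Android WebView. These are real
# WebView API names; their co-occurrence is a review signal, not proof of theft.
SIGNALS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "js_bridge": re.compile(r"addJavascriptInterface\("),
    "js_injection": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'),
}
URL = re.compile(r"https?://([\w.-]+)(/[^\s\"']*)?")
LOGIN_HINT = re.compile(r"login|signin|oauth", re.I)

def third_party_login_hosts(source, own_domains=()):
    """Hosts of login-looking URLs that do not belong to the app's own domains."""
    hosts = set()
    for m in URL.finditer(source):
        host, path = m.group(1).lower(), m.group(2) or ""
        own = any(host == d or host.endswith("." + d) for d in own_domains)
        if LOGIN_HINT.search(host + path) and not own:
            hosts.add(host)
    return hosts

def triage(source, own_domains=()):
    """Flag code that shows someone else's login page and can script it."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(source)}
    hosts = third_party_login_hosts(source, own_domains)
    can_read_form = "js_enabled" in hits and bool(hits & {"js_bridge", "js_injection"})
    return {"signals": sorted(hits), "login_hosts": sorted(hosts),
            "suspicious": bool(hosts) and can_read_form}

# Constructed decompiled snippets (not taken from the removed apps).
SUSPECT = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "b");
w.loadUrl("https://www.facebook.com/login.php");
w.evaluateJavascript(remoteScript, null); // script text downloaded at run time
'''
BENIGN = '''
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://app.example.org/login");
'''

if __name__ == "__main__":
    print(triage(SUSPECT))
    print(triage(BENIGN, own_domains=("example.org",)))
```

Because the login-URL check is host-agnostic, the same scan covers the broader case the researchers warn about, where the login page of another service is loaded instead of Facebook's.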

We advise our readers to uninstall these nine apps from their Android devices.

Also, a gentle reminder: please try to install apps only from known and trusted developers in the Google Play Store.

In addition, watch out for the permissions requested by the apps and pay attention to other users' reviews prior to installation.

Thanks for reading and I hope it was worth your time.
