1. Home
  2. Tech
  3. Google removes nine apps for stealing users’ FB logins and passwords

Google removes nine apps for stealing users’ FB logins and passwords

By Saima Siddiqui 
Updated Date
Google removes nine apps for stealing users’ FB logins and passwords

California: In a crack down on malicious applications that were stealing its users’ data, Google has removed nine Android apps with over 5.8 million downloads on the Google Play store after it was found these apps stole user’s Facebook login credentials. All apps offered legitimate services and were downloaded more than 5 million times.

Also Read :- Google,Facebook: Vaccination is mandate as a condition, if returning back to office

As uncovered by security researchers at Security firm Doctor Web (via ArsTechnica), these malicious trojan apps used a special mechanism to trick users into handing over their Facebook credentials by offering photo editing and app lock features. The apps lured users into disabling in-app advertisements by linking their Facebook profiles. When the user went to link their profile, they saw a genuine form asking them to enter their Facebook username and password. The Facebook page loaded into Android WebView itself was legitimate. However, the researchers discovered that hijackers also loaded malicious JavaScript into the same WebView to steal user data.

This script was directly used to highjack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

The research firm describes the exploit mechanism as below: 

“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. 

Also Read :- EU has given Google 2 months to improve hotel, flight search results

Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials.

After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. 

After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”

The report goes on to add that Google had only removed some of these apps from the Play store, as of July 1, 2021, when the report went live. 

PIP Photo app was the most downloaded among these apps, with 5 million downloads of its own. 

Also Read :- YouTube hits major 10 billion download milestone on Google Play Store

Nine malicious apps caught stealing users’ FB logins and passwords:

  1. PIP Photo (5,000,000+ downloads)
  2. Processing Photo (500,000+ downloads)
  3. Rubbish Cleaner (100,000+ downloads)
  4. Inwell Fitness (100,000+ downloads)
  5. Horoscope Daily (100,000+ downloads)
  6. App Lock Keep (50,000+ downloads)
  7. Lockit Master (5,000+ downloads)
  8. Horoscope Pi (1,000 downloads)
  9. App Lock manager (10 downloads)

And here are the five malware variants that researchers at Dr. Web identified inside the apps.

-Android.PWS.Facebook.13

-Android.PWS.Facebook.14

-Android.PWS.Facebook.15

-Android.PWS.Facebook.17

Also Read :- Google Meet enforces time restriction on group calls, Know all about it

-Android.PWS.Facebook.18

Google has since removed these apps from the Play Store and has also banned the publishers of all nine apps from the platform, so they can’t publish any new apps. In case you have installed any of these apps on your Android device and used the Facebook login option, uninstall them immediately and make sure to reset your Facebook password and unauthorize these apps from your Facebook account.

Further reading:
For the latest news and reviews, follow us on Facebook and Twitter ...
X