California: In a crackdown on malicious applications that were stealing users' data, Google has removed nine Android apps with over 5.8 million downloads from the Google Play store after they were found to be stealing users' Facebook login credentials. All apps offered legitimate services and were downloaded more than 5 million times.
The research firm describes the exploit mechanism as follows:
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView.
After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”
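For analysts triaging a decompiled APK, the two behaviours quoted above (a third-party login page loaded into a WebView, and session cookies read afterwards) can be correlated per source file. The sketch below is an added example, not code from the research firm's report; the file names, the `example.com` app domain and the sample snippets are constructed, and the result is a heuristic for manual review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Real Android APIs: WebView.loadUrl(...) and CookieManager.getInstance().getCookie(...)
LOAD_URL = re.compile(r'\.loadUrl\(\s*(?:"([^"]+)"|([A-Za-z_][\w.()]*))')
GET_COOKIE = re.compile(r'CookieManager\.getInstance\(\)\s*\.getCookie\(')

def is_first_party(host, first_party_hosts):
    return any(host == h or host.endswith("." + h) for h in first_party_hosts)

def triage(sources, first_party_hosts):
    """Map each flagged file to (severity, third-party hosts loaded in a WebView)."""
    findings = {}
    for path, code in sources.items():
        if not GET_COOKIE.search(code):
            continue  # no cookie read, nothing to correlate
        foreign, dynamic = set(), False
        for literal, expr in LOAD_URL.findall(code):
            if literal:
                host = urlparse(literal).hostname or ""
                if host and not is_first_party(host, first_party_hosts):
                    foreign.add(host)
            elif expr:
                dynamic = True  # URL decided at runtime, e.g. from remote settings
        if foreign:
            findings[path] = ("high", sorted(foreign))
        elif dynamic:
            findings[path] = ("review", [])
    return findings

# Constructed sample input (hypothetical file names and app domain example.com).
SAMPLES = {
    "LoginActivity.java": 'webView.loadUrl("https://www.facebook.com/login.php");\n'
                          'String c = CookieManager.getInstance().getCookie(url);',
    "RemoteActivity.java": 'webView.loadUrl(settings.getStartUrl());\n'
                           'String c = CookieManager.getInstance().getCookie(u);',
    "AccountActivity.java": 'webView.loadUrl("https://app.example.com/account");\n'
                            'String c = CookieManager.getInstance().getCookie(u);',
    "HelpActivity.java": 'webView.loadUrl("https://help.example.com/faq");',
}

if __name__ == "__main__":
    for path, (severity, hosts) in triage(SAMPLES, {"example.com"}).items():
        print(severity, path, hosts)
```

The "review" tier exists because a URL delivered in settings at launch never appears as a string literal in the code, so only the cookie read and the runtime-supplied `loadUrl` argument are visible statically.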
The report goes on to add that, as of July 1, 2021, when the report went live, Google had removed only some of these apps from the Play store.
The PIP Photo app was the most downloaded among these apps, with 5 million downloads of its own.
Nine malicious apps caught stealing users’ FB logins and passwords:
And here are the five malware variants that researchers at Dr. Web identified inside the apps.
Google has since removed these apps from the Play Store and has also banned the publishers of all nine apps from the platform, so they can’t publish any new apps. In case you have installed any of these apps on your Android device and used the Facebook login option, uninstall them immediately and make sure to reset your Facebook password and unauthorize these apps from your Facebook account.