Android apps have been detected stealing users’ Facebook passwords

Android apps have been detected stealing users' Facebook passwords

Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company’s Play Store after the apps were caught furtively stealing users’ Facebook login credentials.

“The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts,” researchers from Dr. Web said. “The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions.”

The offending apps masked their malicious intent by disguising as photo-editing, optimizer, fitness, and astrology programs, only to trick victims into logging into their Facebook accounts and hijack the entered credentials via a piece of JavaScript code received from an adversary-controlled server.

he list of apps are as follows –

PIP Photo (>5,000,000 installs)
Processing Photo (>500,000 installs)
Rubbish Cleaner (>100,000 installs)
Horoscope Daily (>100,000 installs)
Inwell Fitness (>100,000 installs)
App Lock Keep (50,000 installs)
Lockit Master (5,000 installs)
Horoscope Pi (>1,000 installs)
App Lock Manager (10 installs)

In the last link of the attack, the stolen information was exfiltrated to the server using the trojanized applications.

The latest disclosure comes days after Google announced new measures for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and verify their contact details as part of its ongoing efforts to combat scams and fraudulent developer accounts.

If anything, the development is yet another reminder that users are better off served by installing apps from known and trusted developers, not to mention watch out for permissions requested by the apps and pay attention to other user reviews prior to installation.

[The Hacker News]

Other posts

Ubisoft: No personal data leaked in recent cybersecurity incident

16/03/2022 No Comments

The hacking group Lapsus $ is probably behind the attack. The hacking group Lapsus $ from South America has claimed responsibility for another intrusion. Last Thursday, Ubisoft reported that it had suffered a “cyber security

Israel says government sites targeted by cyberattack

16/03/2022 No Comments

“In the last few hours, a denial of service [DDoS] attack has been identified on a communications provider which, as a result, has for a short time prevented access to a number of sites, including

Building a strong cybersecurity ecosystem at the heart of discussions at the Informal Meeting of European Telecommunications Ministers

11/03/2022 No Comments

The Informal Meeting of Ministers of Telecommunications took place on March 8 and 9, 2022, under the French Presidency, in the cities of Paris and Nevers, France. Cyprus was represented by the Deputy Minister of