Google has identified and removed 9 Android apps, which together have been downloaded more than 5.8 million times, from the Play Store. During a security check, the apps were caught secretly stealing users’ Facebook credentials. This is reported by various online magazines including ArsTechnica. The fraudulent apps were discovered by a security team at Dr. Web antivirus.
“The applications were fully functional, which should weaken the vigilance of the potential victims. In order to access all functions of the apps and supposedly also to deactivate in-app advertising, users were asked to log into their Facebook account.” According to the security researchers at Dr. Web. “The advertising within some of the apps was actually there, and this maneuver was supposed to get Android device owners to take the requested actions.”
Android Apps List
- PIP Photo (> 5,000,000 installations)
- Processing Photo (> 500,000 installations)
- Rubbish Cleaner (> 100,000 installations)
- Daily horoscope (> 100,000 installations)
- Inwell Fitness (> 100,000 installations)
- App Lock Keep (50,000 installs)
- Lockit Master (5,000 installations)
- Horoscope Pi (> 1,000 installations)
- App Lock Manager (10 installations)
Users have to delete the apps themselves
The apps went unnoticed in the Google PlayStore for months. In order to permanently remove the apps, users have to manually delete them themselves. While this particular campaign targeted Facebook accounts, the Dr. Web researchers said this attack could easily be extended to load the login page of any legitimate web platform with the aim of stealing logins and passwords from a variety of services.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.