Home » Technology » Apps » These 9 Android Apps Were Stealing Facebook Passwords, Google Exposed Them

These 9 Android Apps Were Stealing Facebook Passwords, Google Exposed Them

3 years ago Yasir Zeb

Google has identified and removed 9 Android apps, which together have been downloaded more than 5.8 million times, from the Play Store. During a security check, the apps were caught secretly stealing users’ Facebook credentials. This is reported by various online magazines including ArsTechnica. The fraudulent apps were discovered by a security team at Dr. Web antivirus.

“The applications were fully functional, which should weaken the vigilance of the potential victims. In order to access all functions of the apps and supposedly also to deactivate in-app advertising, users were asked to log into their Facebook account.” According to the security researchers at Dr. Web. “The advertising within some of the apps was actually there, and this maneuver was supposed to get Android device owners to take the requested actions.”

The apps masked their malicious intent by disguising themselves as photo editing, tweaking, fitness, and astrology programs, only to get victims to log into their Facebook accounts. Then the login details entered were hijacked using JavaScript code and sent to a server controlled by the fraudsters using a Trojan. It is not yet known whether other information was also stolen in the process. After Dr. Web removes the apps.

Android Apps List

  • PIP Photo (> 5,000,000 installations)
  • Processing Photo (> 500,000 installations)
  • Rubbish Cleaner (> 100,000 installations)
  • Daily horoscope (> 100,000 installations)
  • Inwell Fitness (> 100,000 installations)
  • App Lock Keep (50,000 installs)
  • Lockit Master (5,000 installations)
  • Horoscope Pi (> 1,000 installations)
  • App Lock Manager (10 installations)

Users have to delete the apps themselves

The apps went unnoticed in the Google PlayStore for months. In order to permanently remove the apps, users have to manually delete them themselves. While this particular campaign targeted Facebook accounts, the Dr. Web researchers said this attack could easily be extended to load the login page of any legitimate web platform with the aim of stealing logins and passwords from a variety of services.

Tags: , , ,

More Stories

You can now create AI playlists with prompts on Spotify

2 weeks ago Research Snipers
YouTube Shorts

An all-new Shorts carousel is being tested by YouTube

4 weeks ago Research Snipers

The Global Youth Council is Announced by TikTok to address concerns about teens online safety

4 weeks ago Research Snipers

Today’s Latest

Barcelona Council Asks Google To Remove Bus Route From Google Maps

5 hours ago Research Snipers
TP Link

TP-Link Releases Dual Band Wi-Fi 7 Router

2 days ago Research Snipers
CPU Z80

Classic CPU 🖥 Z80 Is Now Discontinued

3 days ago Yasir Zeb
Samsung Green line

Samsung Smartphones 📱 Get Display Problem 🔍 With Green Line

3 days ago Yasir Zeb
Office

Microsoft Starts Public Preview of Office LTSC 2024

6 days ago Yasir Zeb

Netflix Acquires New Customers And Shows Strong Growth

6 days ago Yasir Zeb

Samsung Galaxy S25 Still Offers 8GB Standard Memory

1 week ago Research Snipers
vivo x100 ultra

Vivo X100 Ultra Comes With Powerful Imaging Capabilities

1 week ago Yasir Zeb

Apple Releases Second Beta of iOS 17.5 Testing Changes For EU

1 week ago Yasir Zeb

Netflix To Bring More Original Content Rather Than Films

1 week ago Yasir Zeb