Android as an operating system is incredibly versatile. Since it is open-source software, it means that a lot of companies can develop apps for billions of users. It is a huge ecosystem that provides apps for almost anything.
But just as there are millions of useful applications, some developers try to cheat the system by making apps with unsavory intent. Google has in the past clamped down on malicious apps that harbor malware, but it’s nearly impossible to catch them all.
Android users rely on security researchers to weed out the bad apples and alert us about any dangers for those situations. Well, a collection of doozies has just been caught stealing Facebook passwords.
Here’s the backstory
Antivirus company Dr. Web recently conducted a thorough analysis of several Android apps and discovered some serious flaws. Most of them were designed to steal Facebook passwords and have been downloaded more than five million times.
“In total, our specialists uncovered 10 of these trojan apps. Of them, nine were available on Google Play. Upon Doctor Web’s specialist report to Google, part of these malicious applications was removed from Google Play. However, some apps were still available for download,” Dr. Web explained.
How the malware works
To an average Android user, the apps in question would look and work like regular applications. They were fully functional but had a nasty trick up their sleeve. To unlock all the features in the app, users had to log in to their Facebook accounts.
While the Trojan stole Facebook login details, the script could have easily been changed to pilfer Gmail details or other social media information. Where did it come from? Well, the attackers might have left one clue behind.
The updated version of the Trojan had extra functionality that allowed it to output the data into the log in Chinese. That points to a possible origin of the malware.
Delete these Facebook login stealing apps now
The cybersecurity company also found an app that had previously been reported to Google and had been removed. The app returned in a new form but continued to steal personal information.
Here are the apps infected with the Facebook login stealing Trojan:
The photo editing app had been downloaded over 50,000 times.
App Lock Keep, Lockit Master and App Lock Manager
These applications were used to lock down access to certain apps on the user’s phones. The same Trojan was found in Processing Photo.
The app promised to optimize the Android device performance. It was downloaded over 100,000 times.
Horoscope Daily and Horoscope Pi
Both apps featured daily horoscopes developed by Talleyr Shauna. The Trojan is the same as the previously mentioned apps and had been downloaded 100,000 times.
A fitness application that featured weight training programs and exercise plans. It had also been downloaded more than 100,000 times.
Another photo editing app that had been downloaded a whopping 5 million times. It had two different Trojan embedded into its code.