9 apps caught stealing Facebook passwords – Delete them now


Android is an incredibly versatile operating system. Because it is open-source software, a lot of companies can develop apps for billions of users. It is a huge ecosystem that provides apps for almost anything.

But just as there are millions of useful applications, some developers try to cheat the system by making apps with unsavory intent. Google has in the past clamped down on malicious apps that harbor malware, but it’s nearly impossible to catch them all.

Android users rely on security researchers to weed out the bad apples and alert them to the dangers in those situations. Well, a collection of doozies has just been caught stealing Facebook passwords.

Here’s the backstory

Antivirus company Dr. Web recently conducted a thorough analysis of several Android apps and discovered some serious flaws. Most of them were designed to steal Facebook passwords and have been downloaded more than five million times.

“In total, our specialists uncovered 10 of these trojan apps. Of them, nine were available on Google Play. Upon Doctor Web’s specialist report to Google, part of these malicious applications was removed from Google Play. However, some apps were still available for download,” Dr. Web explained.

How the malware works

To an average Android user, the apps in question would look and work like regular applications. They were fully functional but had a nasty trick up their sleeve. To unlock all the features in the app, users had to log in to their Facebook accounts.

And this is where the sophisticated Trojan malware jumps into action. While the Facebook log-in page is genuine, the criminals used JavaScript code in the same WebView to hijack the entered credentials.

Facebook login
Courtesy of Dr. Web

“After that, this JavaScript passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals,” Dr. Web explained.

While the Trojan stole Facebook login details, the script could have easily been changed to pilfer Gmail details or other social media information. Where did it come from? Well, the attackers might have left one clue behind.

The updated version of the Trojan had extra functionality that allowed it to output the data into the log in Chinese. That points to a possible origin of the malware.
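For analysts triaging decompiled Android code, the behavior described above (a genuine login page loaded in a WebView, script injected into it, a bridge back to the app, and session cookies read afterward) maps to a small set of real Android API calls. The following static check is an added example, not code from Dr. Web or this article; the two source snippets, the verdict names and the scoring rule are constructed assumptions.

```python
import re

# Each indicator is a real Android API call that the described technique relies on.
INDICATORS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)"),
    "js_bridge": re.compile(r"addJavascriptInterface\s*\("),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "cookie_read": re.compile(r"CookieManager\b[^;]*\.getCookie\s*\("),
    "login_page": re.compile(r"https?://[\w.-]*facebook\.com/", re.I),
}

# Assumption: all four must co-occur before a file is worth a manual look.
REQUIRED = {"login_page", "js_enabled", "js_bridge", "js_injection"}

def scan_source(source):
    """Return the set of indicator names found in one decompiled source file."""
    return {name for name, rx in INDICATORS.items() if rx.search(source)}

def triage(source):
    """'ok', 'review' (script injected into a third-party login page),
    or 'high' (same, plus the session cookies are read)."""
    hits = scan_source(source)
    if REQUIRED <= hits:
        return "high" if "cookie_read" in hits else "review"
    return "ok"

# Constructed sample: third-party login page + bridge + injected script + cookie read.
SUSPICIOUS = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://www.facebook.com/");
w.evaluateJavascript(scriptFromConfig, null);
String c = CookieManager.getInstance().getCookie(url);
'''

# Constructed sample: the same page in a WebView with no bridge and no injected script.
BENIGN = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://www.facebook.com/");
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(src), sorted(scan_source(src)))
```

A hit is a reason to inspect the file manually, not proof of a trojan, and string obfuscation or dynamically loaded code will evade a pattern match like this.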


Delete these Facebook login stealing apps now

The cybersecurity company also found an app that had previously been reported to Google and had been removed. The app returned in a new form but continued to steal personal information.

Here are the apps infected with the Facebook login stealing Trojan:

Processing Photo

The photo editing app had been downloaded over 50,000 times.

App Lock Keep, Lockit Master and App Lock Manager

These applications were used to lock down access to certain apps on users’ phones. They contained the same Trojan that was found in Processing Photo.

Rubbish Cleaner

The app promised to optimize the Android device performance. It was downloaded over 100,000 times.

Horoscope Daily and Horoscope Pi

Both apps featured daily horoscopes developed by Talleyr Shauna. They carried the same Trojan as the previously mentioned apps and had been downloaded 100,000 times.

Inwell Fitness

A fitness application that featured weight training programs and exercise plans. It had also been downloaded more than 100,000 times.

PIP Photo

Another photo editing app that had been downloaded a whopping 5 million times. It had two different Trojans embedded in its code.
