Home » 9 apps in Google Play were found to steal users’ Facebook passwords | XFastest News

9 apps in Google Play were found to steal users’ Facebook passwords | XFastest News

by admin

According to foreign media reports, Google recently announced that its nine Android apps have been downloaded more than 5.8 million times in the Play Store. Previously, researchers claimed that these apps stole users’ Facebook login information in a despicable way. According to an article published by the security company Dr. Web, in order to win the trust of users and reduce their vigilance, these applications provide full-featured services-including photo editing and color picking, exercise and training, astrology and removal Junk files on Android devices.

All recognized apps provide users with the option to log in to their Facebook account to disable in-app advertising. Users who choose this option will see a real Facebook login form with fields for entering username and password.

The researchers of Dr. Web wrote:

These Trojans use a special mechanism to deceive their victims. After receiving the necessary settings from a C&C server at startup, they load the legitimate Facebook page https://www.facebook.com/login.php into the WebView. Next, they load the JavaScript received from the C&C server into the same WebView. The script is directly used to hijack the entered login credentials. After that, the JavaScript uses the method provided by the JavascriptInterface annotation to pass the stolen login name and password to the Trojan horse application, and the Trojan horse application transmits the data to the attacker’s C&C server. After the victim logged into their account, the Trojan also stole cookies from the current authorized session. These cookies were also sent to cybercriminals.

Analysis of the malicious program showed that they all received settings to steal the login name and password of their Facebook account. However, an attacker can easily change the Trojan’s settings and order them to load a web page of another legitimate service. They can even use completely fake login forms on phishing websites. Therefore, Trojan horses may be used to steal the login name and password of any service. “

See also  the symptoms of mental deterioration (which is reversible) - breaking latest news

Researchers discovered five malware variants hidden in these applications. Three of them are native Android apps, and the other two use Google’s Flutter framework-which is designed for cross-platform compatibility. Dr. Web pointed out that it categorizes all these Trojans as the same kind of Trojans because they use the same configuration file format and the same JavaScript code to steal user data.

Dr. Web identified these mutations as:

Android.PWS.Facebook.13

Android.PWS.Facebook.14

Android.PWS.Facebook.15

Android.PWS.Facebook.17

Android.PWS.Facebook.18

Most of the downloads come from an application called PIP Photo, which has been downloaded more than 5.8 million times. Next is Processing Photo, which has been downloaded more than 500,000 times. The remaining applications are:

Rubbish Cleaner: over 100,000 downloads

Inwell Fitness: over 100,000 downloads

Horoscope Daily: over 100,000 downloads

App Lock Keep: over 50,000 downloads

Lockit Master: Over 5000 downloads

Horoscope Pi: 1,000 downloads

App Lock Manager: 10 downloads

All these applications have now been removed from Google Play. A Google spokesperson said that the company has also banned all nine app developers from using it in its app store, which means they will not be allowed to submit new apps. Google’s approach is correct, but this is only a small obstacle for developers, because they only need to pay $25 to register a new developer account with a different name.

Anyone who has downloaded the above apps should carefully check their device and Facebook account to see if there are any signs of compromise.

source

Further reading:



You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy