Recently, we talked about user privacy and about apps that collect as much data as possible. Of course, they always insist that the data collected is only used for commercial purposes, but we are not naive enough to believe that. In any case, all internet users should think about their own privacy. For example, if you use a single password for all of your accounts (so that you only have one to remember) and one of those accounts is hacked, attackers gain access to all of them. Because of this, your accounts are at great risk of being attacked even if you are very careful when entering your Facebook login and password but neglect your other accounts.

We've already talked about which apps collect the most user data. Now we're going to talk about a new piece of research. Researchers found up to 9 Android apps that contained malicious code allowing hackers to steal Facebook passwords.

As Dr. Web explained, these apps look like legitimate apps. They have, say, basic photo editing features and the like. But the developers of these apps are stealing Facebook passwords. Of course, Google was informed about this, and these apps are no longer available on the Google Play market.

The reason we talked about commercial exploitation of user data at the beginning of the article is that the attackers told users they could remove ads simply by logging into their Facebook accounts. Those who logged into their Facebook accounts effectively handed their passwords over to the attackers.

How attackers stole Facebook passwords

These Trojans used a special mechanism to trick their victims. After receiving the required settings from one of the C&C servers at startup, they loaded the legitimate Facebook website https://www.facebook.com/login.php into a WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was used directly to hijack the credentials entered. Then, using the methods exposed through the JavascriptInterface annotation, this JavaScript passed the stolen logins and passwords to the Trojan applications, which then transferred the data to the attacker's C&C server. After the victim logged into their account, the Trojans also stole cookies from the current authorization session. These cookies were also sent to the cybercriminals.
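As an added example (not code from Dr. Web or from the original article), the following Python script triages decompiled app source for the combination of WebView calls described above: a third-party login page, a JavaScript bridge, and script text that is not a constant. The indicator names, verdict labels and sample snippets are assumptions constructed for illustration.

```python
import re

# Each indicator is a real Android API call named in, or implied by, the text above.
INDICATORS = {
    "js_enabled": re.compile(r"\.setJavaScriptEnabled\(\s*true\s*\)"),
    "js_bridge": re.compile(r"\.addJavascriptInterface\(|@JavascriptInterface"),
    "third_party_login": re.compile(r'\.loadUrl\(\s*"https://[^"]*facebook\.com/login'),
    # Script text held in a variable, not a string literal, may come from a server.
    "dynamic_script": re.compile(
        r'\.evaluateJavascript\(\s*[A-Za-z_]|\.loadUrl\(\s*"javascript:"\s*\+'),
    "cookie_read": re.compile(r"\.getCookie\("),
}
CORE = {"js_bridge", "third_party_login", "dynamic_script"}

def triage(sources):
    """sources: {path: decompiled Java text}. Returns (verdict, {indicator: [paths]})."""
    hits = {}
    for path, text in sources.items():
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits.setdefault(name, []).append(path)
    found = set(hits)
    if CORE <= found:
        verdict = "high"    # login page + bridge + non-constant script in one app
    elif {"js_bridge", "third_party_login"} <= found:
        verdict = "review"  # bridge exposed to a page the app does not own
    else:
        verdict = "low"
    return verdict, hits

# Constructed samples (not taken from the real apps).
SUSPECT = {"a/LoginActivity.java": '''
    webView.getSettings().setJavaScriptEnabled(true);
    webView.addJavascriptInterface(new Bridge(), "bridge");
    webView.loadUrl("https://www.facebook.com/login.php");
    webView.evaluateJavascript(remoteScript, null);
    String c = CookieManager.getInstance().getCookie(url);
'''}
BENIGN = {"b/HelpActivity.java": '''
    webView.getSettings().setJavaScriptEnabled(true);
    webView.loadUrl("https://example.com/help");
'''}

if __name__ == "__main__":
    for name, app in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(app))
```

A "high" verdict is a prompt for manual review, not proof of malice, and string obfuscation or reflection in the app will evade these patterns.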

So, if you've ever downloaded any of the nine apps below, change your Facebook password right away. Also, change the password on every other account that uses the same password as your Facebook account.

  • PIP Photo: 5.8 million+ downloads
  • Photo processing: more than 500,000 downloads
  • Garbage cleaner: more than 100,000 downloads
  • Inwell Fitness: more than 100,000 downloads
  • Daily horoscope: more than 100,000 downloads
  • App Lock Keep: 50,000+ downloads
  • Lockit Master: more than 5,000 downloads
  • Horoscope Pi: 1,000 downloads
  • App lock manager: 10 downloads
