Google launched nine Android apps that have been downloaded more than 5.8 million times by companies Play Marketplace after researchers said these apps used a devious way to steal users’ Facebook credentials.
According to a. fully functional services for image editing and composition, exercises and training, horoscopes and removing junk files from Android devices post published by the security company Dr. Web. All apps identified offered users the option to opt out of in-app advertising by logging into their Facebook accounts. Users who chose this option saw a real Facebook login form with fields for entering usernames and passwords.
Then as Dr. Web researchers wrote:
The analysis of the malicious programs revealed that they received all settings for stealing logins and passwords from Facebook accounts. However, the attackers could easily have changed the Trojans’ settings and ordered them to load the website of another legitimate service. You could even have used a completely fake registration form that is on a phishing site. The Trojans could be used to steal logins and passwords from any service.
Dr. Web identified the variants as:
Most of the downloads were for an app called PIP photo, which has been viewed more than 5.8 million times. The app with the next largest reach was Process photo, with more than 500,000 downloads. The rest of the apps were:
A search on Google Play shows that all apps have been removed from Play. A Google spokesman said the company has also banned the developers of all nine apps from the store, which means they are not allowed to submit new apps. This is correct for Google, but it still poses a minimal hurdle for the developers, as they can simply sign up for a new developer account under a different name for a one-time fee of $ 25.
Anyone who has downloaded any of the above apps should thoroughly examine their device and Facebook accounts for any signs of compromise. It’s also not a bad idea to download a free Android antivirus app from a well-known security company and check for additional malicious apps. The Offered by Malwarebytes is my favorite.