The Google Play Store is generally the safest place to get apps for your Android smartphone, but there are some bad guys every now and then. Recently, Google removed a handful of Android apps from the Play Store that were trying to steal Facebook’s passwords.
Dr. Web recently highlighted a “trojan” embedded in some Android apps that had the ability to trick users into giving up their Facebook password. Ten apps were observed using the software, most of which were actually available on the Google Play Store and had a significant number of downloads. The nine apps together have been downloaded over 6 million times.
The software worked by faking the Facebook login screen, leading users to believe that the otherwise innocuous app they were using required a Facebook account in order to function. After entering their password on the screen, the data was then stolen, giving the malicious actor access to the ignorant user’s account.
The apps in question included photo editing apps, App Lock, a fitness app, and horoscope apps. Some of the apps apparently used Google’s Flutter language. “PIP Photo” was the most successful app with 5.8 million downloads. The rest of the apps were marked as “more than 100,000” or less.
ArsTechnica found that all nine apps had been removed from the Play Store, with a Google spokesperson confirming that the bad actor’s developer accounts had also been banned. Google recently took steps to further secure the Play Store Add security requirements for Google Play developers.
More about Android:
FTC: We use high income auto affiliate links. More.