The Google Play Store is generally the safest place to get apps for your Android smartphone, but bad actors slip through every now and then. Recently, Google removed a handful of Android apps from the Play Store that were trying to steal Facebook passwords.

Dr. Web recently highlighted a “trojan” embedded in some Android apps that could trick users into giving up their Facebook password. Ten apps were observed using the software, most of which were actually available on the Google Play Store and had a significant number of downloads. The nine Play Store apps together have been downloaded over 6 million times.

The software worked by faking the Facebook login screen, leading users to believe that the otherwise innocuous app they were using required a Facebook account in order to function. Once the victim entered their credentials on that screen, the data was stolen, giving the malicious actor access to the unsuspecting user’s account.

The form displayed was in fact the real one. These trojans used a special mechanism to trick their victims. After receiving the required settings from one of the C&C servers at startup, they loaded the legitimate Facebook website into a WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was used directly to hijack the credentials entered. Then, using the methods exposed via the JavascriptInterface annotation, the JavaScript passed the stolen logins and passwords to the trojan applications, which in turn transferred the data to the attacker’s C&C server. After the victim logged into their account, the trojans also stole the cookies from the current authorization session; these cookies were likewise sent to the cybercriminals.
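As an added example (not code from Dr. Web or from the apps described), the following Python triage heuristic scans decompiled Android sources for the combination the paragraph above describes: a WebView loading the genuine Facebook login page, script injected into that WebView, a JavascriptInterface bridge back into native code, and session-cookie access. The indicator names, verdict strings and sample sources are constructed for illustration.

```python
import re

# Heuristic indicators of the WebView credential-harvesting pattern.
# Names are assumptions; the regexes target standard Android API usage.
INDICATORS = {
    "js_bridge": re.compile(r"addJavascriptInterface\s*\(|@JavascriptInterface"),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "webview_load": re.compile(r'loadUrl\s*\(\s*"https?://(?:www\.|m\.)?facebook\.com'),
    "cookie_access": re.compile(r"CookieManager\.getInstance\(\)\.getCookie\s*\("),
}

def scan_sources(files):
    """files: mapping of decompiled source path -> source text.
    Returns {indicator: [matching paths], "verdict": str}."""
    hits = {name: [] for name in INDICATORS}
    for path, text in files.items():
        for name, rx in INDICATORS.items():
            if rx.search(text):
                hits[name].append(path)
    # Only the full chain (bridge + injected script + remote login page)
    # is flagged; a bridge on its own is common in benign apps.
    if all(hits[n] for n in ("js_bridge", "js_injection", "webview_load")):
        hits["verdict"] = "suspicious: JS bridge + injected script + remote login page"
    elif hits["js_bridge"] and hits["js_injection"]:
        hits["verdict"] = "review: JS bridge with injected script"
    else:
        hits["verdict"] = "no match"
    return hits

# Constructed sample sources (not taken from any real app).
SAMPLE_SOURCES = {
    "com/example/photo/LoginActivity.java": '''
        WebView wv = findViewById(R.id.web);
        wv.getSettings().setJavaScriptEnabled(true);
        wv.addJavascriptInterface(new Bridge(), "Android");
        wv.loadUrl("https://www.facebook.com/login.php");
    ''',
    "com/example/photo/Bridge.java": '''
        public class Bridge {
            @JavascriptInterface
            public void report(String data) { /* handed to native code */ }
        }
    ''',
    "com/example/photo/Inject.java": '''
        wv.evaluateJavascript(remoteScript, null);
        String c = CookieManager.getInstance().getCookie("https://www.facebook.com");
    ''',
}

if __name__ == "__main__":
    print(scan_sources(SAMPLE_SOURCES)["verdict"])
```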

The apps in question included photo editing apps, an app locker, a fitness app, and horoscope apps. Some of the apps were apparently built with Google’s Flutter. “PIP Photo” was the most successful app with 5.8 million downloads. The rest of the apps were listed as “more than 100,000” downloads or fewer.

Ars Technica found that all nine apps had been removed from the Play Store, with a Google spokesperson confirming that the bad actor’s developer accounts had also been banned. Google recently took steps to further secure the Play Store by adding security requirements for Google Play developers.
