Google is still trying to pull Android apps that Commit serious data breaches. Ars Technica Remarks that Google, according to Dr. Web analyst has removed nine apps from the Play Store discovered They were Trojans that stole Facebook credentials. These weren’t obscure titles – the malware had combined over 5.8 million downloads and pretended to be easy-to-find titles like Horoscope Daily and Rubbish Cleaner.

The apps tricked users into loading the real Facebook login page just to load JavaScript from a command and control server to “hijack” login information and pass it to the app (and thus the command server). They would also steal cookies from the authorization session. Facebook was the target in any case, but the creators could have simply directed users to other Internet services.

There were five variants of malware in the mix, but they all used the same JavaScript code and configuration file formats to convey information.

Google tells Ars It banned all app developers from the store, although that may not be a huge deterrent if the culprits are likely to get new developer accounts created. Google may have to search for the malware itself to keep the attackers away.

The question, of course, is how the apps recorded as many downloads as they did before the takedown. Google’s largely automated screening keeps a lot of malware out of the Play Store, but the sophistication of the tech could have helped the rogue apps overcome these defenses and keep victims unaware that their Facebook data falls into the wrong hands are advised. Whatever the cause, you should certainly be careful about downloading utilities from unknown developers, no matter how popular they seem.

All products recommended by Engadget are selected by our editorial team independently of our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may earn an affiliate commission.

Source link

Leave a Reply