Researchers at Dr. Web found nine apps, with more than 5.8 million combined downloads, that were secretly stealing users’ Facebook passwords through a real Facebook login page. Google has since blocked the developer and removed these nine apps from the Play Store. However, if you have downloaded one of these apps, it is time to change your passwords.
How did the apps steal the data?
According to the researchers at Dr. Web, the developer chikumburahamilton published fully functional apps for photo editing, fitness training, horoscopes and garbage cleaning (among others). After a period of use, these apps prompted users to log in via Facebook in order to unlock the app’s full functionality.
When users did so, the app contacted its C&C server (a command-and-control server, run by the developer, that tells the app how to copy and store data from a web page). After receiving its settings from the C&C server, the app loaded the legitimate Facebook login page, so the page users saw was genuine while the app captured what they typed into it.
What can you do about it?
The first thing you should do is check whether you have one of these nine apps installed:
- PIP photo
- Process photo
- Garbage cleaner
- Inwell Fitness
- Daily horoscope
- Keep app lock
- Lockit master
- Horoscope more
- App lock manager
If you have any of these apps installed, the first step is to uninstall the application.
Then, if you have logged into Facebook through the app, reset your Facebook password immediately.
Next, stay vigilant. Use a trusted antivirus application like Malwarebytes to detect apps with malicious code. Whenever possible, avoid connecting third-party services like Facebook to random apps downloaded from the Play Store. The way the Play Store works makes it trivially easy for developers to re-register and resubmit apps, even after they have been removed (a developer license costs only $25).
Finally, switch on two-factor authentication for every site that offers it and pair it with a password manager, which generates and stores long, unique passwords securely. Even if a website leak reveals your password, two-factor authentication still protects your account from attackers.