Google has removed apps from the Play Store that had 5.8 million downloads and were stealing users’ Facebook login details.
Google has banned the developers of all nine apps from the store, meaning they will not be allowed to submit new apps.
The malware apps offered useful services like photo editing and framing, exercise and training, horoscopes and removal of unwanted files from Android devices. These malicious apps obtained users’ Facebook credentials by offering an option to disable in-app ads if users logged in with their Facebook accounts.
How did it work?
According to a post published by security firm Dr Web, users who chose the option saw a Facebook login form that required them to fill in their usernames and passwords. The security firm's further analysis of the malicious programs found that the apps received settings for stealing logins and passwords of Facebook accounts.
The apps tricked users by loading the Facebook sign-in page in order to steal their login details and pass them along to the app. The report noted that the malware would also steal cookies from the authorisation session. In each case, Facebook was targeted, but the creators could also have taken advantage of other legitimate internet services by using fake logins on a phishing site.
The apps that were involved.
These Android apps included Rubbish Cleaner, Inwell Fitness and Horoscope Daily, which had nearly 1 Lakh downloads each; App Lock Keep and Lockit Master, with 50,000 downloads each; Horoscope Pi, with 1000 downloads; and App Lock Manager, with 10 downloads.
A Google spokesman told Ars Technica that the company has also banned the developers of all nine apps from the store, meaning they will not be allowed to submit new apps. However, according to the report, this is a small hurdle for offenders, as a new developer account under a different name requires only a one-time fee of $25.
Other challenges.
The development comes just days after the Joker virus targeted eight new Android apps, which stole users’ data, including SMS, contact lists, device info, OTPs and more.
The eight apps that were infected by the Joker virus are Auxiliary Message, Fast magic SMS, Free CamScanner, Super Message, Element Scanner, Go messages, travel wallpapers and Super SMS. Google removed the infected apps from the Play Store after several downloads from users.