Google Has Removed Apps From Play Store That Were Stealing Facebook Login Details

By
Vanessa Waithera
-
0
539

Google has removed apps with 5.8 million downloads from the Play Store that were stealing users’ Facebook login details.

Google has banned the developers of all nine apps from the store, meaning they will not be allowed to submit new apps.

The malware apps offered useful services like photo editing and framing, exercise and training, horoscopes and removal of unwanted files from Android devices. These malicious apps got their way around users’ Facebook credentials by offering an option to disable in-app ads if they logged in from their Facebook accounts.

How was it working?

According to a post published by security firm, Dr Web users who chose the option saw a Facebook login form that required them to fill in their usernames and passwords. The security firm further analysed the malicious programs to find that the apps received settings for stealing logins and passwords of Facebook accounts.

Trending
Why Equitel Poses As A Game Changer In Mobile Money Transactions.

The apps tricked users by loading into the Facebook sign-in page to steal their login details and to pass them along to the app. The report noted that the malware would also steal cookies from the authorisation session. In each case, Facebook was targeted, but the creators could have also taken advantage of other legitimate internet services by using fake logins on a phishing site.

The apps that were involved.

These Android apps included Rubbish Cleaner, Inwell Fitness, Horoscope Daily which nearly had 1 Lakh downloads each, App Lock Keep, Lockit Master with 50,000 downloads each. Horoscope Pi with 1000 downloads and App Lock Manager with 10 downloads.

A Google spokesman told Ars Technica that the company has also banned the developers of all nine apps from the store, meaning they will not be allowed to submit new apps. However, according to the report, this is a small hurdle for defaulters as a new developer account under a different name requires a one-time fee of $25.

Other challenges.

The development comes just days after Joker virus freshly targeted eight new Android apps that stole users’ data, including SMS, contact list, device info, OTPs and more.

The eight apps that were infected by the Joker virus are Auxiliary Message, Fast magic SMS, Free CamScanner, Super Message, Element Scanner, Go messages, travel wallpapers and Super SMS. The infected apps were removed by Google from the play store after several downloads from users.

Advertise on TechMoran.com — reach founders, innovators, and decision-makers

Promote your product, event, press release, or launch a report to a highly engaged tech and business audience. You can also take over our homepage for premium visibility and sponsor our monthly #TechNight events and podcasts and annual StartupEast Conference & Awards to maximize brand exposure.

Beyond reach and visibility, we have over ten years of experience in SEO-driven digital publishing and we are the best in the SEO market at helping brands grow organic visibility through high-quality editorial backlinks and strategic content placement. We are here to help you improve your search rankings and long-term discoverability. We also help improve AI discoverability, ensuring your brand is more visible across emerging AI-powered search and recommendation systems.

Your campaign will also be extended across TechMoran, BusinessTech.co.ke, and AfricanWomenNetwork.net, including their newsletters, giving you wider reach and engagement across East Africa’s leading digital audiences. Be part of the region’s biggest tech and business platforms monthly, quarterly, and annually.

Contact Sales