Saturday, July 3, 2021 20:23 PM (GMT+7)
Researchers at Dr. Web has just discovered 9 Android apps on Google Play that used a sneaky way to steal users’ Facebook login information.
Post from Dr. Web says all identified apps give users an option to turn off ads in the app by logging into their Facebook account. Users who selected this option saw a genuine Facebook login form containing fields to enter username and password.
Users need to be careful about malicious apps on Google Play.
Analysis of the malicious programs showed that they all received settings to steal Facebook account logins and passwords. However, attackers can easily change the trojan’s settings and ask them to load the website of another legitimate service. This means that the trojan can be used to steal logins and passwords from any service.
9 apps developed by Dr. Web discovery.
Dr. The Web identifies variants as Android.PWS.Facebook.13, Android.PWS.Facebook.14, Android.PWS.Facebook.15, Android.PWS.Facebook.17, and Android.PWS.Facebook.18.
The majority of downloads go to an app called PIP Photo with over 5.8 million downloads. The app with the next largest reach is Processing Photo with over 500,000 downloads. The rest of the apps include Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi and App Lock Manager.
A search for these apps on Google Play shows that all apps have been removed from the marketplace. A Google spokesperson said that the company has also banned developers of all nine apps from the store, meaning they won’t be allowed to submit new apps. It’s the right thing for Google to do, but it’s a minimal hurdle for developers anyway as they can simply sign up for a new developer account with a different name for a fee. one time is 25 USD.
Anyone who has downloaded one of the apps above should double-check their device and Facebook account for any signs of compromise.
A group of mobile network users in South Korea has filed a class-action lawsuit against many carriers in the country alleging…