Apps with 5.8 million downloads from Google Play steal Facebook passwords

Saturday, July 3, 2021 20:23 PM (GMT+7)

Researchers at Dr. Web have just discovered 9 Android apps on Google Play that used a sneaky way to steal users’ Facebook login information.

Dr. Web's post says all of the identified apps gave users an option to turn off in-app ads by logging into their Facebook account. Users who selected this option saw a genuine Facebook login form with fields for username and password.

Users need to be careful about malicious apps on Google Play.

The Dr. Web researchers then say: “These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers at launch, they loaded the legitimate Facebook website into the WebView. Next, they load the JavaScript received from the C&C server into the same WebView. This script was used directly to hijack entered credentials. This JavaScript then uses the methods provided through the JavascriptInterface annotation and passes the stolen logins and passwords to the trojan apps, before passing the data to the attacker’s C&C server. After the victim logged into their account, the trojan also stole cookies from the current authorized session. Those cookies were also sent to cybercriminals.”

Analysis of the malicious programs showed that they all received settings to steal Facebook account logins and passwords. However, attackers can easily change the trojan’s settings and ask them to load the website of another legitimate service. This means that the trojan can be used to steal logins and passwords from any service.
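The behaviour described above (a JavascriptInterface bridge, script and URL taken from remote settings, and session cookie reads) leaves recognisable API calls in an app's code. As an added example, not code from Dr. Web or from the original article, this Python triage heuristic scans decompiled Java source for that combination; the regexes, verdict levels and sample fragments are constructed assumptions.

```python
import re

# Regexes are assumptions about how the Android WebView calls named in the
# report look in decompiled Java source (for example, jadx output).
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "bridge": re.compile(r'addJavascriptInterface\(|@JavascriptInterface'),
    # Script or URL passed as a variable, not a string literal: content that
    # can be swapped remotely, as the settings from the C&C server were.
    "dynamic_script": re.compile(r'evaluateJavascript\(\s*[^"\s]'
                                 r'|loadUrl\(\s*"javascript:[^"]*"\s*\+'),
    "dynamic_url": re.compile(r'loadUrl\(\s*[^"\s)]'),
    "cookie_read": re.compile(r'CookieManager\b[^;]*\.getCookie\('),
}

def triage(files):
    """files: {path: source}. Returns (verdict, {indicator: [paths]})."""
    hits = {}
    for path, src in files.items():
        for name, rx in INDICATORS.items():
            if rx.search(src):
                hits.setdefault(name, []).append(path)
    # Indicators may sit in different classes, so they are combined per app.
    if {"bridge", "dynamic_script"} <= hits.keys() and \
            hits.keys() & {"dynamic_url", "cookie_read"}:
        return "high", hits      # matches the pattern in the report
    if {"bridge", "js_enabled"} <= hits.keys():
        return "review", hits    # common in legitimate hybrid apps too
    return "low", hits

# Constructed fragments, not taken from any of the nine apps.
SUSPECT = {"LoginActivity.java": """
    webView.getSettings().setJavaScriptEnabled(true);
    webView.addJavascriptInterface(new Bridge(), "b");
    webView.loadUrl(settings.url);
    webView.evaluateJavascript(settings.script, null);
    String c = CookieManager.getInstance().getCookie(settings.url);
""", "Bridge.java": """
    @JavascriptInterface
    public void onData(String user, String pass) {}
"""}
HYBRID = {"ShopActivity.java": """
    webView.getSettings().setJavaScriptEnabled(true);
    webView.addJavascriptInterface(new CartBridge(), "cart");
    webView.loadUrl("https://shop.example.com/");
    webView.evaluateJavascript("window.cartReady()", null);
"""}
BENIGN = {"HelpActivity.java": """
    webView.getSettings().setJavaScriptEnabled(true);
    webView.loadUrl("https://example.com/help");
"""}
```

A "high" verdict only prioritises an app for manual review; legitimate apps can combine the same calls, so the result is a starting point rather than a classification.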

Researchers have identified five malware variants hidden inside the apps. Three of them are native Android apps, and the other two use Google’s Flutter framework, designed for cross-platform compatibility. Dr. Web says that it classifies them all as the same trojan because they use identical configuration file formats and identical JavaScript code to steal user data.

The 9 apps discovered by Dr. Web.

Dr. Web identifies the variants as Android.PWS.Facebook.13, Android.PWS.Facebook.14, Android.PWS.Facebook.15, Android.PWS.Facebook.17, and Android.PWS.Facebook.18.

Most of the downloads belong to an app called PIP Photo, with over 5.8 million downloads. The app with the next largest reach is Processing Photo, with over 500,000 downloads. The rest of the apps are Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi and App Lock Manager.

A search for these apps on Google Play shows that all of them have been removed from the marketplace. A Google spokesperson said that the company has also banned the developers of all nine apps from the store, meaning they won’t be allowed to submit new apps. It’s the right thing for Google to do, but it’s a minimal hurdle for the developers anyway, as they can simply sign up for a new developer account under a different name for a one-time fee of 25 USD.

Anyone who has downloaded one of the apps above should double-check their device and Facebook account for any signs of compromise.

