Apps with 5.8 million Google Play downloads stole users’ Facebook passwords

Google has given the boot to 9 Android apps downloaded more than 5.8 million times from the company's Play marketplace after researchers said these apps used a sneaky way to steal users' Facebook login credentials.

In a bid to win users' trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices, according to a post published by security firm Dr. Web. All of the identified apps offered users an option to disable in-app ads by logging into their Facebook accounts. Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords.

Then, as Dr. Web researchers wrote:

These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.fb.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers' C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. These cookies were also sent to cybercriminals.

Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans' settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.

Dr. Web
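
A static triage heuristic for the combination the researchers describe (a WebView that loads a page the app does not own, exposes a JavascriptInterface bridge, and has script pushed into it), as an added example that is not from the article or from the researchers. The function names, the `own_domains` parameter and the decompiled snippets are constructed for illustration, and regex matching over decompiled source is only a coarse first pass.

```python
import re

# Android SDK call names, matched against decompiled Java/Kotlin source.
BRIDGE = re.compile(r'\.addJavascriptInterface\s*\(')
INJECT = re.compile(r'\.evaluateJavascript\s*\(|\.loadUrl\s*\(\s*"javascript:')
COOKIES = re.compile(r'CookieManager\b[^;]*\.getCookie\s*\(')
LOAD_ARG = re.compile(r'\.loadUrl\s*\(\s*([^)]*)\)')
LITERAL_HOST = re.compile(r'"https?://([^/"]+)')

# Constructed snippets (not taken from any real app); names are hypothetical.
SUSPECT = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "app");
w.loadUrl(config.loginUrl);
w.evaluateJavascript(config.script, null);
String c = CookieManager.getInstance().getCookie(config.loginUrl);
'''
BENIGN = '''
help.addJavascriptInterface(new HelpBridge(), "help");
help.loadUrl("https://docs.example.com/faq");
'''

def untrusted_loads(source, own_domains):
    """Page loads whose target is a third-party host or not a literal at all."""
    found = []
    for arg in (a.strip() for a in LOAD_ARG.findall(source)):
        if arg.startswith('"javascript:'):
            continue  # script injection, counted by INJECT instead
        if not arg.startswith('"'):
            found.append("<dynamic>")  # URL from a variable, e.g. remote config
            continue
        m = LITERAL_HOST.match(arg)
        if m is None:
            continue  # local asset or other non-http literal
        host = m.group(1).lower()
        if not any(host == d or host.endswith("." + d) for d in own_domains):
            found.append(host)
    return found

def triage(source, own_domains):
    """Flag the combination: untrusted page + JS bridge + injected script."""
    loads = untrusted_loads(source, own_domains)
    bridge, inject = bool(BRIDGE.search(source)), bool(INJECT.search(source))
    cookies = bool(COOKIES.search(source))
    verdict = "low"
    if bridge and inject and loads:
        verdict = "high" if cookies else "review"
    return {"verdict": verdict, "untrusted_loads": loads, "bridge": bridge,
            "script_injection": inject, "cookie_read": cookies}
```

A bridge on a page the app itself hosts, or a third-party login page loaded with no bridge and no injected script, stays at "low"; only the three indicators together are escalated, and a session-cookie read raises the verdict to "high".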

The researchers identified five malware variants stashed inside the apps. Three of them were native Android apps, and the remaining two used Google's Flutter framework, which is designed for cross-platform compatibility. Dr. Web said that it classifies all of them as the same trojan because they use identical configuration file formats and identical JavaScript code to steal user data.

Dr. Web identified the variants as:

The majority of the downloads were for an app called PIP Photo, which was accessed more than 5.8 million times. The app with the next greatest reach was Processing Photo, with more than 500,000 downloads. The remaining apps were:

A search of Google Play shows that all apps have been removed from Play. A Google spokesman said that the company has also banned the developers of all nine apps from the store, meaning they will not be allowed to submit new apps. That's the right thing for Google to do, but it still poses only a minimal hurdle for the developers because they can simply sign up for a new developer account under a different name for a one-time fee of $25.

Anyone who has downloaded one of the above apps should thoroughly examine their device and their Facebook accounts for any signs of compromise. Downloading a free Android antivirus app from a known security firm and scanning for additional malicious apps isn't a bad idea, either. The offering from Malwarebytes is my favorite.