Sunday, July 25, 2021

Apps with 5.8 million Google Play downloads stole users’ Facebook passwords

Mateusz Slodkowski / SOPA Images / LightRocket via Getty Images

Google has removed nine Android apps that were downloaded more than 5.8 million times from the company’s Play marketplace after researchers said the apps used a sneaky way to steal users’ Facebook login credentials.

To win users’ trust and lower their guard, the apps provided fully functional services for photo editing and framing, exercise and training, horoscopes, and junk file removal from Android devices, according to an article published by security firm Dr. Web. All of the identified apps offered users the option of disabling in-app ads by logging into their Facebook accounts. Users who chose the option saw a genuine Facebook login form with fields for entering usernames and passwords.

Then, as the researchers at Dr. Web wrote:

These Trojans used a special mechanism to deceive their victims. After receiving the necessary settings from one of the C&C servers during launch, they loaded the legitimate Facebook webpage https://www.facebook.com/login.php in WebView. Then they loaded the JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the login credentials entered. After that, this JavaScript, using the methods provided via the JavascriptInterface annotation, passed the stolen login and password to the Trojan applications, which then forwarded the data to the attackers’ C&C server. Once the victim logged into their account, the Trojans also stole the cookies from the current authorization session. These cookies were also sent to cybercriminals.

Malware analysis showed that they were all given settings to steal Facebook account IDs and passwords. However, the attackers could easily have changed the settings of the Trojans and ordered them to load the web page of another legitimate service. They could even have used a completely bogus login form located on a phishing site. Thus, Trojans could have been used to steal the usernames and passwords of any service.
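A static triage check for the WebView pattern described in the quoted report, as an added example that is not part of the article or of Dr. Web's analysis. The signal names, verdict levels, the `own_domains` parameter and both decompiled-source samples are constructed assumptions; the Android API names are real.

```python
import re

# Android WebView API calls that together match the behaviour described above.
SIGNALS = {
    "js_enabled": re.compile(r'\.setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'\.addJavascriptInterface\('),
    # Script pushed into the loaded page from app code
    "js_injection": re.compile(r'\.evaluateJavascript\(|\.loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r'CookieManager\.getInstance\(\)\s*\.getCookie\('),
}
REMOTE_PAGE = re.compile(r'\.loadUrl\(\s*"https?://([^/"]+)')

# Constructed decompiled-source snippets (not taken from any real app).
SAMPLE_SUSPICIOUS = '''
wv.getSettings().setJavaScriptEnabled(true);
wv.addJavascriptInterface(new Bridge(), "bridge");
wv.loadUrl("https://www.facebook.com/login.php");
wv.evaluateJavascript(config.getScript(), null);
String c = CookieManager.getInstance().getCookie(url);
'''
SAMPLE_BENIGN = '''
wv.getSettings().setJavaScriptEnabled(true);
wv.addJavascriptInterface(new HelpBridge(), "help");
wv.loadUrl("https://help.example.com/faq");
'''


def triage(source, own_domains):
    """Return (signals, third_party_hosts, verdict) for one decompiled source file."""
    hits = {name for name, rx in SIGNALS.items() if rx.search(source)}
    hosts = set()
    for host in REMOTE_PAGE.findall(source):
        host = host.lower()
        # Pages on the developer's own domains are expected in a WebView
        if not any(host == d or host.endswith("." + d) for d in own_domains):
            hosts.add(host)
    # Core pattern: native bridge plus injected script on someone else's page
    core = {"js_enabled", "js_bridge", "js_injection"} <= hits and bool(hosts)
    if core and "cookie_read" in hits:
        verdict = "high"    # session cookies are read as well
    elif core:
        verdict = "review"
    else:
        verdict = "low"
    return hits, hosts, verdict


if __name__ == "__main__":
    print(triage(SAMPLE_SUSPICIOUS, {"example.com"}))
    print(triage(SAMPLE_BENIGN, {"example.com"}))
```

A "low" verdict only means this one file lacks the combined pattern; script delivered at run time from a server never appears in static source, so dynamic analysis is still needed.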


Researchers identified five variants of the malware hidden in the apps. Three of them were native Android apps, and the other two used Google’s Flutter framework, which is designed for cross-platform compatibility. Dr. Web said it classifies all of them as the same Trojan because they use identical configuration file formats and identical JavaScript code to steal user data.

Dr. Web identified the variants as follows:

The majority of the downloads were for an app called PIP Photo, which was viewed over 5.8 million times. The application with the second largest reach was Photo Processing, with over 500,000 downloads. The remaining applications were:

A search of Google Play shows that all of the apps have been removed. A Google spokesperson said the company has also banned the developers of all nine apps from the store, meaning they won’t be allowed to submit new apps. This is the right thing for Google to do, but it poses only a minimal hurdle for the developers, who can simply sign up for a new developer account under a different name for a one-time fee of $25.

Anyone who has downloaded any of the above apps should carefully examine their device and Facebook accounts for any signs of compromise. Downloading a free Android antivirus app from a well-known security company and looking for other malicious apps isn’t a bad idea either. Malwarebytes’ offering is my favorite.
