Google has removed nine apps from its Playstore for allegedly stealing Facebook login credentials from users who installed the services.
Disguised as utility apps, the apps use malicious code to steal the entered credentials for hackers. These were now banned from the Playstore but had millions of downloads when live.
Malicious Android Apps Stealing Credentials
Though Google verifies the apps before publishing them openly in the Playstore, many fraudulent developers push malicious updates to their apps later for various malicious purposes.
And before they’re suspected of doing something bad, they will be installed by thousands, if not millions of users already. One such incident is discovered by a Russian anti-virus software firm Dr. Web, in Google’s Playstore recently.
Their findings include ten Android apps having malicious code within to steal the users’ Facebook login credentials. Out of them, nine apps are spotted in Google Playstore with over 5.8 million combined downloads. These are;
- Processing Photo
- PIP Photo
- Rubbish Cleaner
- App Lock Keep
- App Lock Manager
- Lockit Master
- Horoscope Pi
- Horoscope Daily
- Inwell Fitness
These apps start with unsuspecting utility services, like photo editing, exercising, clearing up storage, or as vaults connected to the hackers’ command-and-control (C2) server.
When installed, they offer users an ad-free experience alongside access to full-on premium features in return for tagging their Facebook account.
And when clicked on that, users will be directed to a legitimate Facebook login page, but malicious code added to it. Thus, anything entered in that fields will be sent to hackers C2.
Also, the hackers are storing and stealing the cookies from activity sessions throughout. Upon intimation, Google has removed these apps from the Playstore and banned the developers behind them, nullifying their app publishing access.