MobileNews

Google pulls a few Android apps from Play Store that could steal Facebook passwords

The Google Play Store is generally the safest place to obtain apps for your Android smartphone, but every once in a while, some bad actors find their way in. Recently, Google removed a handful of Android apps from the Play Store that tried to steal Facebook passwords.

Dr. Web recently highlighted a “trojan” that was embedded within some Android apps that had the ability to trick users into giving up their Facebook password. Ten apps were observed using the software, most of which were actually available in the Google Play Store and had racked up a considerable number of downloads. The nine apps combined were downloaded over 6 million times.

The software worked by faking the Facebook login screen, making users think that the otherwise harmless app they were using required a Facebook account to function. After entering their password on the screen, the data was then stolen and gave the bad actor access to the unwitting user’s account.

With that, the displayed form was genuine. These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

The apps in question included photo editing apps, “App Lock,” a fitness app, and horoscope applications. Some of the apps apparently used Google’s Flutter language. “PIP Photo” was the app that managed the most success, pulling 5.8 million downloads. The rest of the apps were marked as “more than 100,000” or less.

ArsTechnica found that all nine apps have been removed from the Play Store, with a Google spokesperson confirming that the bad actor’s developer accounts have also been banned. Google has also been taking steps to further secure the Play Store recently by adding security requirements for Google Play developers.

More on Android:


Check out the latest Samsung phones at great prices from Gizmofashion – our recommended retail partner.


Author: Ben Schoon
Source: 9TO5Google

Related posts
Cleantech & EV'sNews

Einride deploys first daily commercial operations of autonomous trucks in Europe

Cleantech & EV'sNews

ChargePoint collaborates with GM Energy to deploy up to 500 EV fast chargers with Omni Ports

Cleantech & EV'sNews

How Ukraine assassinated a Russian general with an electric scooter

CryptoNews

Day-1 Crypto Executive Orders? Bitcoin Bulls Brace for Trump's Big Move

Sign up for our Newsletter and
stay informed!