Despite the fact that the platform is constantly monitored, the Google Play Store is frequently infected with harmful malware. Hackers have developed various techniques for circumventing Google’s security checkpoints for Android malware apps on the Google Play Store.
Now come reports of a shocking recent discovery: up to 9 Android apps have been uncovered that steal Facebook users’ logins and passwords.
According to Doctor Web, these apps have been downloaded 5,856,010 times from the Google Play Store.
The malware specialists at Doctor Web discovered ten of these malware applications, nine of which were available on the Google Play Store.
These Android apps are stealer Trojans that have been distributed as benign software.
Users were required to log into their Facebook accounts in order to access all of the apps’ features and to turn off in-app advertising.
Users were directed to the usual Facebook login screen, which gave the impression that it was legitimate.
Hackers were able to gain access to the user’s Facebook credentials, as well as cookies, which were sent to cybercriminals.
The malicious Android apps were disguised as photo-editing, optimization, fitness, and astrology apps in order to deceive victims into logging into their Facebook accounts, and hijacked their credentials using JavaScript code obtained from an adversary-controlled server.
The list of Android malware apps is as follows:
- PIP Photo (>5,000,000 installs)
- Processing Photo (>500,000 installs)
- Rubbish Cleaner (>100,000 installs)
- Horoscope Daily (>100,000 installs)
- Inwell Fitness (>100,000 installs)
- App Lock Keep (50,000 installs)
- Lockit Master (5,000 installs)
- Horoscope Pi (>1,000 installs)
- App Lock Manager (10 installs)
While this effort appears to have targeted Facebook accounts, Dr. Web experts warn that this assault could have easily been extended to load the login page of any genuine web platform in order to capture logins and passwords from a range of services.
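The behaviour described above, a genuine login page displayed inside the app with remotely supplied JavaScript reading what the user enters, leaves recognizable traces in decompiled code. The triage heuristic below is an added example, not code from Doctor Web or the original article; it assumes the login page is rendered in an Android WebView, and the indicator patterns, sample snippets and the helper name `fetchRemoteConfig` are constructed for illustration.

```python
import re

# Indicator patterns over decompiled Java source. The method names are real
# Android SDK APIs; the choice of patterns is this example's assumption.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'addJavascriptInterface\('),
    # Script supplied as a variable, not a string literal: it may have been
    # downloaded at run time rather than shipped inside the APK.
    "dynamic_script": re.compile(
        r'evaluateJavascript\(\s*[A-Za-z_]\w*\s*,|loadUrl\(\s*"javascript:"\s*\+'),
    "cookie_read": re.compile(r'CookieManager\b[^;]*\.getCookie\('),
    "login_page": re.compile(r'loadUrl\(\s*"https?://[^"]*(login|signin)[^"]*"'),
}

def triage(source: str) -> dict:
    """Return which indicators appear and whether the combination warrants review."""
    hits = {name: bool(rx.search(source)) for name, rx in INDICATORS.items()}
    # A login page shown in a WebView is only a concern when the app can also
    # read what happens inside it (a JS bridge or run-time injected script).
    can_observe = hits["js_bridge"] or hits["dynamic_script"]
    hits["suspicious"] = hits["js_enabled"] and hits["login_page"] and can_observe
    return hits

# Constructed samples (not taken from the apps named in the article).
SUSPECT = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "app");
w.loadUrl("https://example.com/login");
String js = fetchRemoteConfig();          // hypothetical helper
w.evaluateJavascript(js, null);
String c = CookieManager.getInstance().getCookie("https://example.com");
'''
BENIGN = '''
WebView w = new WebView(ctx);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://example.com/help");
w.evaluateJavascript("document.title", null);
'''

if __name__ == "__main__":
    for name, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        result = triage(src)
        print(name, [k for k, v in result.items() if v])
```

A `suspicious` result is a reason to review the app manually, not a verdict: legitimate apps can also embed login pages, so the flag only narrows down which code to read first.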
As part of its continuous efforts to prevent fraud and fake developer accounts, Google announced new steps for the Play Store, including requiring developer accounts to turn on 2-Step Verification (2SV), provide an address, and validate their contact details.
It is important to install apps only from verified and trusted developers, keep an eye out for permission requests from the apps, and read other user reviews before installing.