Google has deleted nine Android apps from the companyโs Play marketplace amid concerns the apps used a sneaky way to steal usersโ Facebook login credentials.
The apps reportedly appeared normal and required users to log in using their Facebook accounts.
This is common, but in this case, the apps contain trojan malware which is installed right after the users log into their accounts.
Users who chose the option saw a genuine Facebook login form containing fields for entering usernames and passwords.
In a bid to win usersโ trust and lower their guard, the apps provided fully functioning services for photo editing and framing, exercise and training, horoscopes, and removal of junk files from Android devices.
The nine apps have cumulatively garnered more than 5.8 million downloads.
Although designed to steal Facebook passwords, the report says that the attackers could have easily changed the trojanโs settings and commanded them to load the web page of another legitimate service.
According to a post published by security firm Dr. Web, the apps attract users to disable in-app ads by linking to their Facebook profiles.
When a user goes to link to his profile, they see an original form that asks them to enter their username and Facebook password.
The Facebook page uploaded to Android WebView itself was official. However, the researchers found that hackers also uploaded malicious JavaScript to the same WebView in order to steal user data.
โThey could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service,โ they said.
The apps have been removed from Googleโs play store, but some people could still have them on their phones or tablets. Check for the nine apps below:
ยท Processing Photo
ยท App Lock Keep
ยท Rubbish Cleaner
ยท Horoscope Daily
ยท Horoscope Pi
ยท App Lock Manager
ยท Lockit Master
ยท Inwell Fitness
ยท PiP Photo
Android users are advised to download apps from trusted developers and pay attention to reviews on the page.
If you suspect that the app you are about to download is suspicious, skip it.
Anyone who has downloaded one of the above apps should thoroughly examine their device and their Facebook accounts for any signs of compromise.
Byย Hillary Kimuyu
Source-https://nairobinews.nation.co.ke/
List of Apps Used To Steal Your Facebook Login credentials