Google launched nine Android apps with more than 5.8 million combined downloads on its Play Store after researchers discovered they contained malicious code used to steal users’ Facebook login credentials, according to the Russian software company. anti-virus. Dr Web.
As reported by Ars Technica, these Trojan horse apps were designed to look and function like legitimate services for editing photos, exercising, cleaning up storage space on your device, and providing daily horoscopes, analysts say. malware from Dr. Web said in a publication this week. In reality, it was all complex to trick users into sharing their Facebook usernames and passwords.
Here’s how the diet worked: Each offered users the possibility of unlock all application functions and Get rid of in-app ads by logging into their Facebook accounts, which probably wouldn’t raise too many eyebrows as many mobile services allow you to sync your social media accounts. By choosing this option, the applications would then load. a legitimate Facebook login page containing fields for entering usernames and passwords. Regardless of the users entered into these forms, they would be taken directly to a computer controlled by the hackers, called a command and control server, via cleverly concealed malicious code, the researchers at Dr Web wrote:
Analysts discovered a total of 10 malicious Trojan horse apps, nine of which were previously available on the Google Play Store. By far the most downloads were two applications posing as photo editing services: PIP Photo with over 5 million installs and Processing Photo with over 500,000. Three other applications recorded over 100,000 downloads each.
If you’ve downloaded any of the apps listed below, you should consider updating your Facebook login information immediately and checking your other online accounts for any fraudulent activity:
- Photo processing
- PIP photo
- Garbage Cleaner
- App Lock Keep
- Application lock manager
- Master Lockit
- Horoscope Pi
- Daily horoscope
- Inwell Fitness
Analysts identified five variants of malware hidden in these apps: Android.PWS.Facebook.13, Android.PWS.Facebook.14 and Android.PWS.Facebook.15, which are native to Android apps, and Android.PWS.Facebook. 17 and Android.PWS.Facebook.18, which uses Google’s Flutter framework designed for cross-platform compatibility. Since they all use almost identical methods, codes and file formats to steal user data, Dr. Web classifies all five of them as the same Trojan horse.
These nine apps no longer appear in Play Store search results. A Google spokesperson told Ars Technica that the developers behind those apps have also been banned, barring them from submitting new apps.