All nine apps offered legal services and were downloaded more than 5.8 million times. Security researchers at Dr. Web have discovered these malicious apps and said they used a mechanism to trick the users to give their Facebook ID and passwords.
Google Removes Popular Apps from Play Store with 5.8 Million Downloads
The apps attracted users to disable the in-app ads by adding their Facebook profiles. When the user links their FB account, they see a form asking to enter their Facebook username and password. The form looks genuine, so the users fall for it. Once they enter the credentials, the page is loaded into Android WebView, which was legitimate.
The researchers at Dr. Web says,
The apps that are now removed from Google Play Store are:
- PIP Photo (5,000,000+ downloads)
- Processing Photo (500,000+ downloads)
- Rubbish Cleaner (100,000+ downloads)
- Inwell Fitness (100,000+ downloads)
- Horoscope Daily (100,000+ downloads)
- App Lock Keep (50,000+ downloads)
- Lockit Master (5,000+ downloads)
- Horoscope Pi (1,000 downloads)
- App Lock manager (10 downloads)
All these apps are removed from the store and also banned the publishers of the apps, so they can’t publish new apps. If you have installed any app from the list, uninstall them right now.