Google has removed nine Android apps that stole users' Facebook passwords. Russian anti-virus firm Dr. Web identified the malicious apps. Combined, the apps had over 5.8 million downloads.
How were the apps stealing data?
Hackers created legitimate-looking apps for photo editing, exercising, horoscopes and, ironically, password management. Though these apps were fully functional, they were trojans built to steal users' Facebook passwords. After users had started using the apps, they would be offered the option to link their Facebook accounts. Connecting to Facebook would give users access to additional features and remove ads. Users would not find this suspicious, as many apps and services today allow you to link your social media accounts. The apps would pass users' information to a hacker-controlled computer called a Command and Control (C&C) server.
After receiving the required settings from the C&C server, the apps would trick users by loading the genuine Facebook login page, https://www.facebook.com/login.php, in a WebView. The apps would then inject JavaScript into the same WebView. This script allowed the apps to hijack any login information entered by users. The JavaScript would pass these login details to the app, which would send them on to the C&C server. After the user had logged in, the apps would also steal the cookies of the now-authenticated session and share them with the cyber criminals. Facebook was the only target of these apps, but the mechanism would have worked against any service whose login page is loaded the same way.
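As an added example (not from the article or from Dr. Web), the following Python heuristic is the kind of check a malware analyst could run over decompiled app source to flag the WebView pattern described above: a third-party login page loaded into a WebView, script injected into that page, and session cookies read back out. The indicator names, the scoring thresholds and the two sample snippets are constructed for this example; only the Android API names are real.

```python
from __future__ import annotations
import re

# Each indicator alone is common in legitimate apps; the detector only
# escalates when they co-occur in one file. Names are this example's own.
INDICATORS = {
    "login_page":  re.compile(r'loadUrl\(\s*"https?://[^"]*/login\.php'),
    "js_enabled":  re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "js_inject":   re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:|addJavascriptInterface\('),
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\s*\.getCookie\("),
    "exfil":       re.compile(r"openConnection\(\)|OkHttpClient\(|HttpURLConnection"),
}

def scan_source(src: str) -> set[str]:
    """Return the names of all indicators present in one decompiled source file."""
    return {name for name, rx in INDICATORS.items() if rx.search(src)}

def classify(hits: set[str]) -> str:
    """Loading someone else's login page and injecting script into it is the
    core of the pattern; reading cookies or talking to the network on top of
    that matches the article's description end to end."""
    if {"login_page", "js_inject"} <= hits and hits & {"cookie_read", "exfil"}:
        return "high"
    if {"login_page", "js_inject"} <= hits:
        return "medium"
    return "low"

# Constructed stand-ins for decompiled app code (not real app samples).
BENIGN = '''
    WebView w = findViewById(R.id.help);
    w.getSettings().setJavaScriptEnabled(true);
    w.loadUrl("https://help.example.com/faq");
'''
SUSPICIOUS = '''
    WebView w = findViewById(R.id.login);
    w.getSettings().setJavaScriptEnabled(true);
    w.loadUrl("https://www.facebook.com/login.php");
    w.evaluateJavascript(script, null);
    String c = CookieManager.getInstance().getCookie(url);
    HttpURLConnection conn = (HttpURLConnection) new URL(C2_PLACEHOLDER).openConnection();
'''

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        hits = scan_source(src)
        print(f"{label}: {classify(hits)} {sorted(hits)}")
```

The same scan generalises to any service, since the `login_page` indicator keys on a `login.php` path rather than on Facebook specifically; in practice an analyst would tune the URL pattern to the services an app claims to integrate with.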
Which apps were at fault?
In total, Dr. Web identified nine trojan apps. The photo editing apps were the most popular of the set:
- PIP Photo (5.8 million downloads)
- Processing Photo (500,000+ downloads)
- Rubbish Cleaner (100,000+ downloads)
- Inwell Fitness (100,000+ downloads)
- Horoscope Daily (100,000+ downloads)
- App Lock Keep (50,000+ downloads)
- Lockit Master (5,000+ downloads)
- Horoscope Pi (1,000+ downloads)
- App Lock Manager (10 downloads)
If you downloaded or used any of these apps, uninstall them and change your Facebook password. If possible, turn on two-factor authentication for your account. That way, even if hackers get your password, the second factor still protects you.
Google has removed these apps from the Play Store and has banned the developer. However, the way the Play Store is designed makes it very easy for developers to sign up again and resubmit apps that have been taken down; a publishing license for the Play Store costs only $25. Users should therefore remain vigilant and avoid connecting their social media accounts to unknown apps from the Play Store.
Who is Dr. Web?
Doctor Web is Russia's first and largest anti-virus company. It was established in 1992. The company provides an anti-malware software suite called Dr.Web. The email platform Yandex uses Dr.Web to scan for malware.