Google removed nine Android apps with more than 5.8 million combined downloads from its Play Store after researchers discovered they contained malicious code used to steal users’ Facebook login credentials, according to the Russian antivirus software company Dr. Web.
As reported by Ars Technica, these Trojan horse apps were designed to look and function like legitimate services for editing photos, exercising, cleaning up storage space on your device, and providing daily horoscopes, Dr. Web’s malware analysts said in a publication this week. In reality, it was all a ploy to trick users into sharing their Facebook usernames and passwords.
Here’s how the scheme worked: Each of these apps offered users the ability to unlock all application functions and get rid of in-app ads by logging into their Facebook accounts, which probably wouldn’t raise too many eyebrows, as many mobile services allow you to sync your social media accounts. When users chose this option, the applications would load a legitimate Facebook login page containing fields for entering usernames and passwords. Whatever users entered into these forms would be sent directly to a computer controlled by the hackers, called a command and control server, via cleverly concealed malicious code, the researchers at Dr. Web wrote.
Analysts discovered 10 malicious Trojan applications in total, nine of which were previously available on the Google Play Store. Two applications posing as photo editing services accounted for by far the most downloads: PIP Photo with over 5 million installs and Processing Photo with over 500,000. Three other applications recorded over 100,000 downloads each.
If you’ve downloaded any of the apps listed below, you should consider updating your Facebook login information immediately and checking your other online accounts for any fraudulent activity:
- Processing Photo
- PIP Photo
- Garbage Cleaner
- App Lock Keep
- Application lock manager
- Master Lockit
- Horoscope Pi
- Daily horoscope
- Inwell Fitness
Analysts identified five variants of malware hidden in these apps: Android.PWS.Facebook.13, Android.PWS.Facebook.14 and Android.PWS.Facebook.15, which are native Android apps, and Android.PWS.Facebook.17 and Android.PWS.Facebook.18, which use Google’s Flutter framework designed for cross-platform compatibility. Since they all use almost identical methods, code and file formats to steal user data, Dr. Web classifies all five of them as the same Trojan horse.
These nine apps no longer appear in Play Store search results. A Google spokesperson told Ars Technica that the developers behind those apps have also been banned, barring them from submitting new apps.