Google has reportedly removed 9 apps from the Play Store after they were discovered to be trojans, stealing user data. The apps in question were stealing Facebook passwords of users using identical Javascript code. It is as if third parties do not have enough user data from Facebook from its massive data breach earlier this year.
The trojan apps were discovered by the digital security platform Dr. Web as researchers from the firm shared a detailed report on the same. As per the report, the trojans used a special mechanism to acquire Facebook credentials, including passwords, of users. Then, they sent the acquired data to the attackers’ servers. The report also suggests that the apps stole cookies from the current authorization session to send them to perpetrators.
Apps That Stole Facebook Passwords
The researchers recognized five malware variants integrated into these apps. Amongst these, three of them were native Android apps, while the remaining two used Google’s Flutterwork framework that is developed for cross-platform compatibility.
Coming to the apps in question, more or less every one of them had over 100,000 downloads. The majority of the downloads were for an app named “PIP Photo”, which boasted 5.8 million downloads on the Play Store. The second-most downloaded trojan app was “Processing Photo”, which had more than half a million downloads.
The other compromised apps were Rubbish Cleaner (100,000+ downloads), Horoscope Daily (100,000+ downloads), Inwell Fitness (100,000+ downloads), App Lock Keep (50,000+ downloads), Lockit Master (50,000+ downloads), Horoscope Pi (1,000+ downloads), and App Lock Manager (10+ downloads).
After Dr. Web published the report, labeling these apps as trojans, Google was quick to remove all the apps from the Play Store. Moreover, a company spokesperson reported to Ars Technica that all developers of these apps were banned from publishing apps on the Play Store.
If you downloaded any one of these apps on your device, we recommend you remove it right away and change your Facebook password immediately. Then you can go to “have i been pwned?” website to check if your Facebook credentials were compromised or not.