9 Trojan Apps With Over 5.8 Million Play Store Downloads Steal Users’ FB Passwords, Pulled Out By Google


  • NET Web Desk

Google has recently taken down 9 Android apps from the Play Store that committed major privacy violations.

Security firm Doctor Web has published a report identifying 9 trojan apps, offering photo editing and app lock features, that steal users’ FB passwords.

The 9 apps are PIP Photo, Processing Photo, Rubbish Cleaner, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi, App Lock Manager, and Inwell Fitness.

Together, these apps amassed nearly 6 million Google Play Store downloads.

According to a Business Insider report, the PIP Photo app was the most downloaded among them, amassing 5 million downloads of its own.

“After receiving the necessary settings from one of the C&C servers upon launch, these apps loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials.” – asserted by Doctor Web.

“Then the JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.” – further added by the research firm.
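For app reviewers, the WebView behaviour quoted above can be turned into a static triage check over decompiled source. The following is an added example, not code from Doctor Web or from this article; the indicator names, the scoring rule and the three sample snippets are constructed for illustration.

```python
import re

# Indicators derived from the quoted behaviour: a JS-enabled WebView with a
# @JavascriptInterface bridge, pointed at a login page the app does not own,
# with script pushed in from outside and session cookies read back out.
INDICATORS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)"),
    "js_bridge": re.compile(r"addJavascriptInterface\s*\(|@JavascriptInterface"),
    "third_party_login": re.compile(r"https?://[\w.-]*facebook\.com/login", re.I),
    "script_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "cookie_read": re.compile(r"CookieManager\b[^;]*\.getCookie\s*\("),
}

def triage(source: str) -> dict:
    """Score one decompiled Java/Kotlin source text (heuristic, assumed rule)."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(source)}
    # A bridge alone is normal in hybrid apps; the combination is what matters.
    bridge = {"js_enabled", "js_bridge"} <= hits
    data_access = bool(hits & {"script_injection", "cookie_read"})
    if bridge and data_access and "third_party_login" in hits:
        verdict = "high"
    elif bridge and data_access:
        verdict = "review"  # login URL may arrive at runtime from a remote config
    else:
        verdict = "low"
    return {"verdict": verdict, "hits": sorted(hits)}

# Constructed samples (not taken from any real app).
SUSPECT = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://www.facebook.com/login.php");
w.evaluateJavascript(remoteScript, null);
String c = CookieManager.getInstance().getCookie(url);
'''
REMOTE_CFG = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl(config.getString("url"));
w.loadUrl("javascript:" + config.getString("js"));
'''
HYBRID = '''
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new AppApi(), "app");
w.loadUrl("file:///android_asset/index.html");
'''

if __name__ == "__main__":
    for name, src in [("suspect", SUSPECT), ("remote_cfg", REMOTE_CFG), ("hybrid", HYBRID)]:
        print(name, triage(src))
```

A "review" verdict still needs a manual look, since the apps described here received their settings from a C&C server at launch and need not hard-code the login URL.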