Google found 9 applications that were able to steal Facebook credentials from Android users, according to a Dr. Web research.
The most concerning aspect is that these applications have been downloaded over 5.8 million times. Overall, the applications seemed legitimate and performed what they were intended to do, such as daily horoscope, picture editing, photo framing, or exercise and training.
Because they contained advertisements, users had the option to disable them by connecting to Facebook. Although it originally loaded the real page, it redirected users to an an interface that looked very similar to the Facebook login form. The software captured the login credentials and transmitted them to the hackers’ command and control server along with the cookies from current authentication sessions.
Security researchers stated, “Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.”
Check the list below to see if you have any of the following malware applications installed:
PIP Photo had the most downloads among malware-infected applications, with 5.8 million. The following applications are added to the list:
- Horoscope Pi has had about 1,000 downloads
- Lockit Master has had about 5,000 downloads
- App Lock Manager: about ten downloads
- Horoscope Daily has about 100,000 downloads
- App Lock Keep has had about 50,000 downloads
- Inwell Fitness has about 100,000 downloads
- Rubbish Cleaner has had 100,000 downloads
- Processing Photo: about 500,000 downloads
The trojanized apps are no longer present in Google Play, and Google also blacklisted the creators of all nine applications from the store, preventing them from submitting new apps.
While the bans are justified, Google should focus on improve its security systems to prevent the addition of similar apps to its repository. After all, hackers can easily build malicious apps and upload them to Google Play for as little as $25.