Google Play Removes 9 Apps That Steal Facebook Passwords


Google Play: Last Thursday (1), security researchers from the Dr.Web antivirus service sent a report to Google about nine applications that stole their users’ Facebook accounts. Google Play removed the Trojan programs, which offered to stop advertising if the consumer accessed Facebook via WebView with malicious JavaScript. Developers of all apps have been banned from the service.

Check out the full list of apps:

PIP Photo
Processing Photo
Rubbish Cleaner
Inwell Fitness
Daily Horoscope
App Lock Keep
Lockit Master
Horoscope Pi
app lock manager

Make sure these apps are missing from your smartphone. If you’ve been a victim of cybercrime, the tip is to reset your Facebook password and enable 2-step verification.

Hidden malware behind legitimate services

The list includes photo editing services, training plans and even horoscopes. PIP Photo was the most popular on the list, with nearly 5 million downloads. In all, the services have accumulated around 6 million users.

After the consumer agreed to log in to Facebook to disable ads, the programs sent a login page with a JavaScript that stole the typed credentials and session cookies. Finally, the data was transmitted to the trojan program, which sent it to the criminals’ servers.

According to Dr.Web’s report, malicious programs could simulate pages from other social networks. That is, in addition to Facebook, malware would also be able to trick users into stealing data from other websites and applications.

Finally, the site warns Google Play users to keep an eye out for login requests on apps that aren’t entirely trustworthy. The presence of a program on the Google Store does not guarantee the security of your device.


Please enter your comment!
Please enter your name here