• Home
  • Apps
  • Apps News
  • Google Play Store Removes Nine Malicious Apps That Reportedly Stole Users Facebook Login Credentials

Google Play Store Removes Nine Malicious Apps That Reportedly Stole Users Facebook Login Credentials

These nine malicious apps on the Google Play store said to have had five different variants of malware.

Google Play Store Removes Nine Malicious Apps That Reportedly Stole Users Facebook Login Credentials

Photo Credit: Dr. Web

Google Play Store has now removed these nine apps

  • Google has also banned the developers of these apps from the store
  • Users with these apps should scan their devices, Facebook accounts
  • The apps had approximately 5.9 million combined downloads

Google has removed nine apps from its Play store after researchers showed that they sneakily stole users' Facebook login credentials. The apps were hidden under names that sounded like everyday utility tools and apps. These include Rubbish Cleaner and Horoscope Daily. According to a report, the malicious apps had approximately 5.9 million combined downloads on the Google Play store — with PIP Photo alone having 5.8 million downloads — and had five different variants of malware. Google had earlier removed three apps meant for children over privacy violations.

Dr. Web, an antivirus service, reports that their malware analysts discovered nine malicious apps - Processing Photo, App Lock Keep, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, App Lock Manager, Lockit Master, Inwell Fitness, and PIP Photo. These apps reportedly acted as trojan malware and stole users' Facebook login credentials after providing users the options to disable ads by logging in via their social media accounts. Dr. Web's report was spotted by Ars Technica.

These apps tricked users by showing an exact replica of Facebook's login page. The apps instead loaded a JavaScript command that stole their login credentials. The apps also apparently stole browser cookies from the authorisation session. There were a total of malware variants and all of them reportedly used an identical JavaScript code to steal user data. The report also noted that out of the malware variants, three were native Android apps, and two were created using Google's Flutter SDK.

The malware variants identified by Dr. Web are Android.PWS.Facebook.13Android.PWS.Facebook.14, Android.PWS.Facebook.15, Android.PWS.Facebook.17, and Android.PWS.Facebook.18.

A Google spokesperson told Ars Technica that they had also banned the app developers of all of the nine apps from Google Play store, which would stop these developer accounts from publishing any new apps on the marketplace. This is a positive step by Google, but a new developer account, under a different name, can be created with a nominal fee of $25 (roughly Rs. 1,900).

Users are advised not to download any app from an unknown developer, regardless of how many downloads the app might have. In this case, PIP Photo had the maximum downloads at 5.8 million, followed by Processing Photo at 500,000 downloads. Anyone who has downloaded these apps should thoroughly examine their device and Facebook account for suspicious activities.

Windows 11 has been unveiled, but do you need it? We discussed this on Orbital, the Gadgets 360 podcast. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, Amazon Music and wherever you get your podcasts.

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Satvik Khare
Satvik Khare is a sub-editor at Gadgets 360. His proficiency lies in educating how technology makes life easier for everyone. Gadgets have always been a passion with him and he's frequently found finding his way around new technologies. In his free time he loves tinkering with his car, participating in motorsports, and if the weather is bad, he can be found doing laps on Forza Horizon on his Xbox or reading a nice piece of fiction. He can be reached through his Twitter ...More
OnePlus Nord 2 Launch Timeline Tipped, May Debut on July 24
Read in: हिंदी
Share on Facebook Tweet Snapchat Share Reddit Comment



© Copyright Red Pixels Ventures Limited 2022. All rights reserved.