Malicious Google Play Apps Steal Facebook Users’ Logins and Passwords
The Company Removed Nine Android Apps Installed Over 5,856,010 Times After They Were Caught Stealing Users’ Facebook Login Credentials.
Last updated on July 5, 2021
The discovery was made by malware analysts from Doctor Web. The specialists uncovered 10 of these trojan apps, of which 9 were available on Google Play. These stealer trojans were spread as harmless software and were installed over 5,856,010 times.
The applications were fully functional, which was supposed to weaken the vigilance of potential victims. To access all of the apps’ functions and, allegedly, to disable in-app ads, users were prompted to log in to their Facebook accounts. Some of the apps did contain advertisements, and this maneuver was intended to further encourage Android device owners to perform the required actions.
Although the campaign appears to have set its sights on Facebook credentials, the researchers warned that this attack could have been easily expanded to any legitimate web platform.
Analysis of the malicious programs showed that they all received settings for stealing logins and passwords of Facebook accounts. However, the attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service. They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.
The discovery comes just days after Google announced new measures for the Play Store, including 2-Step Verification (2SV) and additional identification requirements. According to the Google Play Trust and Safety team, these two requirements are a step towards strengthening account security and ensuring a safe and secure app marketplace.
Dr. Web researchers recommend that users install applications only from known and trusted sources and pay attention to other users’ reviews. Although these reviews cannot guarantee that the apps are harmless, they can still warn Android device owners about potential threats.
Users should also pay attention to when and which apps ask them to log in to their accounts. They are advised not to proceed any further and to uninstall the suspicious program if they’re not sure about the legitimacy of the app.
Cezarina is the Head of Marketing Communications and PR within Heimdal® and a cybersecurity enthusiast who loves bringing her background in content marketing, UX, and data analysis together into one job. She has a fondness for all things SEO and is always open to receiving suggestions, comments, or questions.