They were spread as harmless apps, and most of them were downloaded at least 50,000 times.
What you need to know
- Google has taken down nine apps from the Play Store for stealing users’ Facebook login credentials.
- The apps succeeded in tricking users by loading the legitimate Facebook sign-in page.
- They were downloaded over 5.8 million times from the Play Store.
Google has removed nine apps from the Play Store after Doctor Web’s researchers found that they were actually trojans stealing users’ Facebook passwords. The list includes Processing Photo, App Lock Keep, Rubbish Cleaner, Horoscope Daily, Horoscope Pi, App Lock Manager, Lockit Master, Inwell Fitness, and PIP Photo. The developers of these apps have also been banned for violating Google’s Play Store policies.
While Doctor Web’s analysts found that the apps received settings for stealing login credentials of Facebook accounts, they may have easily changed the trojans’ settings to load the web page of other legitimate online services.
The apps used an earlier modification spread to the best Android phones through the Google Play Store using an image editing app called EditorPhotoPip. Even though the app was pulled from the Play Store, it is still available on some Android app aggregator websites. This is the reason why you should never install apps from unknown sources outside of the Play Store. Even when downloading apps from the Play Store, make sure you pay attention to user reviews before installing an app, no matter how popular it might be.