Dr. Web researchers located nine Android apps, with more than 5.8 million combined downloads, that were stealing users' Facebook passwords.
Google moved quickly to ban the developer, chikumburahamilton, and then removed the nine apps from the Google Play Store.
Nine apps to remove
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Inwell Fitness
- Horoscope Daily
- App Lock Keep
- Lockit Master
- Horoscope Pi
- App lock Manager
All nine are fully functional apps for tasks like photo editing, getting daily horoscopes, and exercising. At some point, the app prompts the user to log in with Facebook to unlock the app's full functionality.
That is when the app begins to steal private data. It starts by stealing the cookies from the current authorized session, which are sent to the cybercriminals.
How did the apps steal the Facebook passwords?
In every case, Facebook was the primary target. The hackers had the capability to steer users toward other password-protected services, but they chose Facebook passwords.
Once the user logged in through the application, the app also stole the cookies from the current authorized session, which were in turn sent to the cybercriminals.
Get rid of the malware apps
If you are running one of the nine apps listed above, you need to remove it. The first action is to uninstall the offending application.
If you used the Facebook login with the app, you also need to reset your Facebook password. Then run a scan with antivirus software: that helps to find other apps carrying malware and to confirm that the app removal was successful.
You also need to turn on two-factor authentication for every site that offers it, and pair it with a password manager. The password manager will help you generate and store strong, unique passwords, and even if a password is leaked, two-factor authentication remains a line of defense against whoever obtains it.