Google Play Store boots apps that steal Facebook passwords


Dr. Web researchers located nine apps with more than 5.8 million combined downloads that were stealing users' Facebook passwords.

Google moved quickly to ban the developer, chikumburahamilton, and then removed the nine Android apps from the Google Play Store.

Nine apps to remove

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Inwell Fitness
  • Horoscope Daily
  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App lock Manager

All nine are fully functional apps for tasks like photo editing, getting daily horoscopes, exercising, and so on. At some point, the app prompts the user to log in with Facebook to unlock the app's full functionality.

That’s when the app begins to steal private data. It starts by stealing cookies from the current authorized session, which are sent to the cybercriminals.

How did the apps steal the Facebook passwords?

The malware-laden apps had easy-to-find titles and tricked users with a legitimate Facebook sign-in page. But JavaScript supplied by a command and control server was also put in play on that page to steal the entered data and pass it back to the app and its command server.
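The article describes the theft in two steps: the session cookies are copied first, then injected JavaScript captures what the user types on the sign-in page. One thing a defender can do with that description is watch app traffic for Facebook session cookies travelling to a host that is not Facebook's. The script below is an added example written for this page, not code from Dr. Web or from the article; the log format, the package names, the log lines and the host list are constructed for illustration, and the cookie names `c_user` and `xs` (Facebook's login-session cookies) are an assumption about which cookies would leak, since the article does not name them.

```python
"""Flag outbound app requests that carry a Facebook session cookie to a
third-party host. Added example; all input below is constructed."""
from urllib.parse import urlsplit

# Cookie names that identify a logged-in Facebook session (assumed list;
# the article does not say which cookies the apps copied).
SESSION_COOKIE_NAMES = {"c_user", "xs"}

# Hosts that may legitimately receive those cookies (assumed list).
FIRST_PARTY_SUFFIXES = (".facebook.com", ".fb.com", ".messenger.com")

# Constructed log format, one request per line, tab-separated:
#   <app package>\t<method>\t<url>\t<Cookie request header>
SAMPLE_LOG = [
    "com.constructed.photoeditor\tGET\thttps://m.facebook.com/login"
    "\tc_user=100012345678; xs=12%3Aabc",
    "com.constructed.photoeditor\tPOST\thttps://cdn-stats.example.net/collect"
    "\tc_user=100012345678; xs=12%3Aabc",
    "com.constructed.weather\tGET\thttps://api.example.org/v1/forecast"
    "\tsid=zzz",
    "com.constructed.photoeditor\tGET\thttps://www.facebook.com/home.php"
    "\tc_user=100012345678; xs=12%3Aabc; datr=q",
]


def is_first_party(host):
    """True when the host is one of Facebook's own domains or a subdomain."""
    host = host.lower()
    return any(host == s.lstrip(".") or host.endswith(s)
               for s in FIRST_PARTY_SUFFIXES)


def cookie_names(header):
    """Return the set of cookie names in a Cookie request header."""
    names = set()
    for part in header.split(";"):
        name, _, _ = part.strip().partition("=")
        if name:
            names.add(name)
    return names


def parse_line(line):
    """Split one constructed log line into its fields."""
    pkg, method, url, cookie_hdr = line.rstrip("\n").split("\t", 3)
    return {
        "pkg": pkg,
        "method": method,
        "host": urlsplit(url).hostname or "",
        "cookies": cookie_names(cookie_hdr),
    }


def find_exfiltration(lines):
    """Return (package, host, leaked cookie names) for every request that
    sends a session cookie somewhere other than a first-party host."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        leaked = rec["cookies"] & SESSION_COOKIE_NAMES
        if leaked and not is_first_party(rec["host"]):
            hits.append((rec["pkg"], rec["host"], sorted(leaked)))
    return hits


if __name__ == "__main__":
    for pkg, host, leaked in find_exfiltration(SAMPLE_LOG):
        print(f"{pkg} sent {', '.join(leaked)} to {host}")
```

The first and last sample lines are normal Facebook traffic and produce nothing; the second line, where the same session cookies go to `cdn-stats.example.net`, is the one the check reports. A real deployment would feed it from a proxy or on-device VPN log and would need the cookie and host lists tuned to the accounts being protected.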