Google Takes Down Popular Android Apps That Stole Facebook Passwords

Google took down popular Android apps that stole Facebook passwords.

Google took down popular Android apps that stole Facebook passwords as the company was still racing to pull Android apps that committed major privacy violations.

Google took down popular Android apps that stole Facebook passwords.
Photo from 9to5Google

Based on a report on Endgadget, Ars Technica noted that Google had removed nine apps from the Google Play Store after Dr. Web analysts discovered that those apps were trojans stealing Facebook login details.

Those apps weren’t obscure titles — the malware had more than 5.8 million combined downloads and posed as easy-to-find titles such as “Rubbish Cleaner” and “Horoscope Daily”.

Endgadget also reported that those apps tricked users by loading the real Facebook sign-in page, only to load JavaScript from a command and control server in order to “hijack” credentials and to pass them along to the app (and thus the command server). Also, they would steal cookies from the authorization session.

Facebook was the target in every case, but creators could just have easily steered users toward other internet services.

Based on a report, there were five malware variants in the mix but all of them used the same JavaScript code and configuration file formats in order to swipe information.

READ ALSO: ByteDance Reportedly Starts Selling TikTok’s AI To Other Companies

Google then told Ars that it banned all the app developers from the Play Store, although that might not be much of a deterrent when the perpetrators can likely create their new developer accounts.

Endgadget also reported that Google may need to screen for the malware itself in order to keep the attackers out. However, the question was how the apps racked up as many downloads on Play Store as they did before the takedown.

Google’s largely automated screening kept a lot of malware out of the Play Store, but the subtlety of the technique might have helped the rogue apps slip past those defenses and leave victims unaware that their Facebook data fell into the wrong hands.

Whatever the cause, it was safe to say that users should be cautious about downloading utilities from unknown developers no matter how popular those apps seemed.

What can you say about this? Let us know in the comments below.

For more news and updates, you may feel free to visit this site more often. You may also visit via our official Facebook page and YouTube channel.

Leave a Comment