It turns out that 10 apps with a total of 5.8 million downloads have stolen Facebook passwords



Security company Dr.Web has disclosed 10 malicious apps that steal Facebook login information. Nine of these ten were available on Google Play, with a total of 5.8 million downloads.

Android trojans steal Facebook users' logins and passwords

https://news.drweb.com/show/?i=14244&lng=en

Apps with 5.8 million Google Play downloads stole users' Facebook passwords | Ars Technica
https://arstechnica.com/gadgets/2021/07/google-boots-google-play-apps-for-stealing-users-facebook-passwords/

Of the 10 malicious apps revealed by Dr.Web, the nine that were published on Google Play are 'PIP Photo', 'Processing Photo', 'Rubbish Cleaner', 'Inwell Fitness', 'Horoscope Daily', 'App Lock Keep', 'Lockit Master', 'Horoscope Pi', and 'App Lock Manager'.



What distinguishes the apps identified this time is that their advertised functions work without any problems. The trick used to steal Facebook user information was that, while using the app, the user was asked to 'log in with your Facebook account to disable in-app advertising.' The following is the screen.



Tapping 'LOG IN WITH FACE BOOK' opens the Facebook login form. According to Dr.Web, the login form itself is genuine, but the username and password entered into it were sent by the malware to the attacker's server.



These nine apps were downloaded a total of 5,856,010 times. 'PIP Photo' was the most affected, with more than 5 million downloads on its own.

Five types of malware have been identified in these apps. Three are native Android apps and two are built with the Flutter framework, but because they use the same configuration file format and the same JavaScript code to steal user data, Dr.Web describes these five as variants of the same malware. The five have been given the identifiers 'Android.PWS.Facebook.13', 'Android.PWS.Facebook.14', 'Android.PWS.Facebook.15', 'Android.PWS.Facebook.17', and 'Android.PWS.Facebook.18'.

Of these, 'Android.PWS.Facebook.15' included an additional function that generates part of its log file in Chinese, so Dr.Web points out that it may have been created in a Chinese-speaking country.



As of the publication of this article, these nine apps have been removed from Google Play.

in Security, Posted by darkhorse_log