Heads up, Android users! A new wave of malicious Android apps appeared on the Google Play Store aimed at stealing users’ Facebook credentials. Google has since removed those apps, make sure to delete them from your devices, too (if installed).
Android Apps Stealing Facebook Credentials
Researchers from Dr. Web found another bunch of malicious apps flooding the Android Play Store. This time, they found at least 10 different trojanized apps aiming at stealing Facebook credentials of Android users. These include apps belonging to different niches and offering different services, such as photo editing, phone management, fitness, and astrology.
As elaborated in their report, the researchers noticed the following apps exhibit the trojanized versions.
Here’s a quick list of those apps with other details.
|App Name||Developer||Detected Package||No. of Downloads|
|App Lock Keep||Sheralaw Rence||Android.PWS.Facebook.13||50,000|
|App Lock Manager||Implummet col||Android.PWS.Facebook.13||10|
|Lockit Master||Enali mchicolo||Android.PWS.Facebook.13||5,000|
|Horoscope Daily||HscopeDaily momo||Android.PWS.Facebook.13||100,000+|
|Horoscope Pi||Talleyr Shauna||Android.PWS.Facebook.13||1,000+|
|Inwell Fitness||Reuben Germaine||Android.PWS.Facebook.14||100,000+|
|PIP Photo||Lillians||Android.PWS.Facebook.17 and Android.PWS.Facebook.18||5,000,000+|
How Did The Apps Stole Facebook Login?
Briefly, the apps exhibited normal functionality, thus ruling out any suspicion for users. The apps then would ask users to log in via their Facebook account to remove ads and experience the full app functionality.
As stated in the post,
Besides login credentials, the apps also stole users’ session cookies.
While the apps remained focused on Facebook accounts, the researchers could observe that the attackers could exploit the same functionality to steal any other site’s account credentials.
One of the IoCs, Android.PWS.Facebook.15, hint at the potential Chinese origin of the threat actors.
The Android.PWS.Facebook.15 malicious program that turned out to be an earlier modification of the trojans, is identical to the others. However, it contains additional functionality to output the data into the log in Chinese, which may indicate its possible origin.
How To Detect Malicious Android Apps?
Given the huge customer base, Android devices remain vulnerable to cyber threats, including the appearance of malicious apps now and then.
Therefore, to protect themselves against such threats, Android users must keep their devices loaded with robust antivirus solutions.
Besides, it’s always wise to keep an eye on how the apps behave, what permissions they ask for, and the kind of credentials they require you to enter.
Moreover, as Dr, Web advised,
If you are not sure that what you are doing is safe, it would be better for you not to proceed any further and uninstall the suspicious program.
Also, make sure to protect your smartphone from cybercriminals by following the best practices.
Let us know your thoughts in the comments.