In response to researchers’ claims that certain Android apps used a sneaky method to grab users’ Facebook login credentials, Google has recently banned nine apps downloaded more than 5.8 million times from its Play Store.
According to a post published by security firm Dr. Web, the apps won the user’s trust by providing fully functioning services ranging from photo editing, framing, exercise, and training to daily horoscopes. The junk file removal feature for Android devices was also functional in these apps, which minimized the sense of danger on the user’s end. In addition, each of the identified apps offered a way for users to disable in-app ads by logging into their Facebook accounts. Users who selected the option were confronted with a Facebook login form that asked for their username and password.
The security firm revealed how these apps exploited the use of Facebook login:
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials.
After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”
There are five malware variants hidden inside the apps, according to the researchers: three native Android apps and two cross-platform apps built with Flutter (Google’s cross-platform framework). Despite using different configuration file formats and JavaScript code, Dr. Web said they are all classified as the same trojan because they use the same methods to steal data.
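The combination Dr. Web describes (a JavaScript bridge exposed to the page plus script supplied at run time, with a hard-coded login page and cookie reads as supporting signals) can be looked for when triaging decompiled app source. The following is an added example, not code from Dr. Web or from this article; the regexes, verdict names and sample snippets are constructed assumptions.

```python
import re

# Heuristic patterns over decompiled Java source (assumptions of this example).
PATTERNS = {
    # A bridge that lets page script call back into app code.
    "js_bridge": re.compile(r"\.addJavascriptInterface\s*\(|@JavascriptInterface"),
    # Script text that is not a string literal, e.g. fetched at run time.
    "dynamic_script": re.compile(
        r'\.evaluateJavascript\s*\(\s*[A-Za-z_]|\.loadUrl\s*\(\s*"javascript:[^"]*"\s*\+'),
    # A login page hard-coded into a WebView load.
    "login_url": re.compile(r'\.loadUrl\s*\(\s*"https?://[^"]*log-?in[^"]*"', re.I),
    # Session cookies read out of the WebView cookie store.
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\.getCookie\s*\("),
}

def scan(source):
    """Return (verdict, sorted matched indicator names) for one source file."""
    hits = sorted(name for name, rx in PATTERNS.items() if rx.search(source))
    core = {"js_bridge", "dynamic_script"} <= set(hits)
    # The target URL may arrive in remote settings, so a literal login URL is
    # supporting evidence only; bridge + run-time script is the core signal.
    if core and {"login_url", "cookie_read"} & set(hits):
        return "high", hits
    if core:
        return "review", hits
    return "ok", hits

def scan_all(files):
    """Map each file name to its verdict."""
    return {name: scan(src)[0] for name, src in files.items()}

# Constructed samples, not taken from any real app.
SAMPLES = {
    "LoginActivity.java": '''
        web.addJavascriptInterface(new Bridge(), "bridge");
        web.loadUrl("https://www.facebook.com/login.php");
        web.evaluateJavascript(remoteConfig.getScript(), null);
        String c = CookieManager.getInstance().getCookie(currentUrl);''',
    "RemoteUrlActivity.java": '''
        web.addJavascriptInterface(new Bridge(), "bridge");
        web.loadUrl(settings.getTargetUrl());
        web.loadUrl("javascript:" + settings.getScript());''',
    "HelpActivity.java": '''
        web.loadUrl("https://example.com/help/login-issues");
        web.evaluateJavascript("document.title", null);''',
}

if __name__ == "__main__":
    print(scan_all(SAMPLES))
```

A "review" verdict is a prompt for manual analysis, not proof of malice: legitimate hybrid apps also use bridges and injected script.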
The most popular app was PIP Photo, which was downloaded more than 5.8 million times. Almost 500,000 users downloaded Processing Photo, the app that came next. Here are the rest of the apps:
- Rubbish Cleaner: with more than 100,000 downloads
- Inwell Fitness: with more than 100,000 downloads
- Horoscope Daily: with more than 100,000 downloads
- App Lock Keep: with more than 50,000 downloads
- Lockit Master: with more than 5,000 downloads
- Horoscope Pi: with 1,000 downloads
- App Lock Manager: with 10 downloads
These apps are no longer available on Google Play. In a statement to Ars Technica, a Google spokesman said that the company has also banned the developers from submitting new apps to the store in the future. Google did the right thing, but the ban poses only a small barrier for the developers, as they can set up a new developer account under a new name for $25. Users should thoroughly inspect the applications they have downloaded, as well as their Facebook accounts, to make sure they are not compromised.
Prior to the removal of these apps, Google had also removed 29 malicious photo editing and beauty apps from its Play Store. That action followed research by the security firm Trend Micro. In 2018, around 500,000 users downloaded malware onto their devices when they attempted to download racing games from the Google Play store. It was found that thirteen apps were infected with malware. The Trending section even listed two of these apps.
Dr. Web suggests that users should only install apps on Android devices from trusted sources and known developers, and should consider the reviews of other users. Even though reviews cannot guarantee an app’s safety, they can give a hint of its performance, quality, and sometimes security-related issues, along with other insights into that particular app. In addition, users should be aware of when and which apps ask for their account information. If they are unsure whether what they are doing is safe, it is better not to proceed and to uninstall the suspicious program.