Google has removed nine Android apps from its Play marketplace after researchers discovered that the apps could steal Facebook login credentials.
According to Dr. Web, the apps were designed to gain users’ trust and lower their guard. All the apps identified offered users the option to disable in-app ads by logging into Facebook. Users who selected this option were shown the authentic Facebook login page, which contained fields to enter usernames and passwords.
As Dr. Web researchers wrote:
Analyzing the malicious programs revealed that they had settings to steal logins and passwords from Facebook accounts. The attackers could have changed the settings of the trojans and told them to load a page from another legitimate service. The attackers could have used even a fake login page. The trojans could have been used for stealing logins and passwords from any website.
Most of the downloads were for PIP Photo, which was downloaded more than 5 million times. Processing Photo was the app with the second-highest downloads, with over 500,000. The rest of the apps were:
Google Play searches show that all the apps have been removed. A Google spokesperson stated that all developers of the nine apps had been removed from Google Play. This means they won’t be permitted to create new apps. Although it is the right thing for Google to do, the developers can still sign up for a new account under a different name and pay $25 for it.
Anyone who downloaded any of these apps should carefully examine their device and their Facebook accounts for any indications of compromise. In addition, it’s a good idea to download an Android antivirus app from a trusted security company and scan for malicious apps. Malwarebytes’ offering is my favorite.