Facebook Users Beware: These Malicious Apps Can Steal Your Login Credentials; What Should You Do?

549
Facebook Users Beware: These Malicious Apps Can Steal Your Login Credentials; What Should You Do?

Dr. Web has discovered nine apps stealing Facebook passwords, with a total download of more than 5.8 million. Although Google has banned these developers and removed them from its site, some users may have been exposed to the apps.

Facebook users can use these simple tips and tricks to ensure their privacy and security. However, they should first check to see if Google has removed any malicious apps. These include PIP Photo and Processing Photo, Rubbish Cleaner, and Inkwell Fitness.

These apps should be uninstalled immediately by Facebook users who have them. In addition, users who were required to agree to the terms and conditions of these apps must immediately reset their passwords. Users should also be vigilant at all times.

Also See:  Microsoft Patents AR Glasses That Can Spot Objects Through Fog

To detect malicious code in apps, Facebook users should make sure they use an anti-virus program that is trusted and reliable. They should also avoid connecting third-party apps like Facebook to any apps on the Play Store. It is easy to get into the Google app store, and developers can submit their products after being taken down.

Facebook users must enable two-factor authentication. Two-factor authentication will help protect users from being hacked, or their passwords were stolen online. To increase security, they could pair it with a password management program.

Facebook users were alarmist when Dr. Web published information about trojans known as “stealer trojans,” disguised as harmless applications. Nearly 6 million people downloaded them. These apps provided legitimate services such as exercise and training, junk removal, and photo editing and framing.

These malicious apps allow Facebook users to disable in-app advertisements by logging into accounts. Analysts stated that some ads were present in the apps and that this was done to encourage Android device owners, who are now required to take the necessary actions.

Also See:  Facebook's Oversight Board Delays Decision on Trump's Suspension

The option allows users to see the Facebook login page. However, WebView displays the page. Dr. Web explained that hackers “loaded JavaScript from the C&C server into the WebView.” This script was used to steal login credentials.

Analysts believe that this JavaScript would use the JavascriptInterface annotation to pass stolen password and login details to trojan programs, transferring the data to the C&C server. “After the victim log in to their account, the trojans also took cookies from the current authorization session.” These cookies were also sent out to cybercriminals.