Google LLC has removed nine Android apps from the Play store, including one with millions of users, after they were discovered to be stealing users’ Facebook Inc. login credentials.
Discovered and detailed July 1 by malware analysts at Dr. Web, the apps, described as “stealer Trojans,” were spread as harmless software and were installed nearly 6 million times. Unlike some previous cases where malicious Android apps have been discovered, the apps in this case all provided legitimate services such as photo editing and framing, exercise and training, horoscopes and junk file removal.
Apps included PIP Photo with up to 5 million installs; Processing Photo with up to 500,000 installs; Rubbish Cleaner, Horoscope Daily and Inwell Fitness with up to 100,000 installs; and App Lock Keep with up to 50,000 installs. Lockit Master, Horoscope Pi and App Lock Manager rounded out the list.
Commonly between the apps, users were offered the ability to disable in-app ads by logging into their Facebook account. The analysts noted that “the advertisements inside some of the apps were indeed present and this maneuver was intended to further encourage Android device owners to perform the required actions.”
App users selecting the option were then presented with a standard Facebook login but with a difference: The genuine Facebook login page was shown in WebView with JavaScript also loaded to hijack the entered login credentials.
When users entered their Facebook login details, the JavaScript would then send the credentials to the attacker’s command-and-control server, while the users would be none the wiser, having successfully logged into Facebook. After the victims logged into their account, the Trojan also stole cookies from the current authorization sessions.
Although those behind the apps targeted Facebook accounts, they could have targeted accounts on other services. “The attackers could have easily changed the trojans’ settings and commanded them to load the web page of another legitimate service,” the analysts explained. “They could have even used a completely fake login form located on a phishing site. Thus, the trojans could have been used to steal logins and passwords from any service.”
Google has not made a public statement on the apps yet. Ars Technica reported Friday that the apps have been removed from the store. A Google spokesperson told Ars Technica that the developers of the apps have also been banned.
Image: Dr. Web
Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and soon to be Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
Join Our Community
We are holding our second cloud startup showcase on June 16. Click here to join the free and open Startup Showcase event.
We really want to hear from you. Thanks for taking the time to read this post. Looking forward to seeing you at the event and in theCUBE Club.
https://ift.tt/3jJIIIa
Technology
No comments:
Post a Comment