Google Play Removes Apps That Stole Facebook Passwords
Google has thrown out nine apps from its Store that together have been downloaded more than seven million times. In addition, they secretly stole users’ passwords.
The apps disguise themselves as working apps with different functions. These include photo editors, fitness apps and horoscopes. That writes research firm Dr Web, which identified the apps.
To turn off ads in the apps, users could log in to their Facebook account. Users were then presented with the real Facebook login screen, but once entered, a JavaScript in the app could steal the login and password and the session’s cookies.
According to Dr Web contains the code of the trojan apps settings to load different types of login pages. So they could have stolen passwords from any service.
PIP Photo, a photo editor, is the most popular of the apps, according to Dr Web, downloaded 5.8 million times. In addition, there is another photo editor, Processing Photo, and apps called Rubbish Cleaner, Inwell Fitness, and Horoscope Daily. They had each been downloaded more than 100,000 times.
The other apps are called App Lock Keep, Lockit Master, Horoscope Pi and App Lock Manager. They have since been removed from the app store by Google Play. Those who have downloaded one of these apps should check their various accounts and use a mobile phone antivirus app.