9 Android apps to delete immediately because they steal Facebook credentials

The software has been downloaded nearly 6 million times. Here’s how to get safe

(photo: Dr.Web)

Nine Android apps have been banned by Google because they could indeed steal your Facebook login details using a rather refined method. How can you protect your device if you have downloaded one of these software?

The nine apps had been regularly released on the Play Store and were apparently more than legitimate and well functioning: they ranged from editing photos to training at home and even horoscopes, cleaning useless files in memory up to a mocking virtual lock to protect other apps. As a demonstration of the superficial goodness of these programs, the total count of downloads was close to 6 million. Still, they hid a dark side: they really were type trojan password stealer or precisely password thieves.

How trojans that steal passwords work

As told by the computer researchers of Dr. Web, after an initial period of normal use, the nine applications asked the user to log in via Facebook to unlock all available functions and eliminate advertisements. Simplifying the malicious procedure, the normal Facebook login page, which, however, relied on the control servers of the cheating developer: through a specific JavaScript the authentication data inserted together with the cookies of the current authentication session were intercepted; everything was sent to the cybercriminals, who could easily change the access parameters. The peculiarity of this method is that it can work not only with Facebook, but also with other services.

Here are the app names:

1 – Pip Photo – image editor, 5 million downloads;

2 – Processing Photo – another image editor with 500,000 downloads;

3 – Rubbish Cleaner – app to clean the memory of useless elements, 100000 downloads;

4 – Inwell Fitness – home workout app downloaded over 100,000 times;

5 – Horoscope Daily – horoscope predictions, downloaded 100000 times;

6 – App Lock Keep – to secure other apps, downloaded 50000 times;

7 – Lockit Master – same as above, 10000 downloads;

8 – App lock Manager – another app lock, downloaded 5000 times;

9 – Horoscope Pi – horoscope downloaded 1000 times;

What to do if you have downloaded one of these apps

At this time it is no longer possible to download apps. However, if you have already downloaded one or more from the list, it is more than advisable to stop using them, uninstall them immediately and proceed to change your Facebook password.

As always, it is better to protect your Android smartphone with an antivirus (preferably anti-malware too), here is a list of the best software and use thetwo-factor authentication on Facebook (and elsewhere).

Categories:   Mobile