Facebook password theft with 9 Android apps

Google ha tax new obligations to developers to improve Play Store security. This need is confirmed by the 9 Android apps, removed following the report by Dr. Web, who stole login credentials from Facebook accounts. Password theft by deception The trick used by the bad guys has been exploited in other similar cases. 9 apps were published on the Google Play Store that, only in appearance, offered harmless features, such as image editing, device optimization and horoscope. Three of them were native Android apps, while two used the Flutter framework for cross-platform development. Up until their removal, they had been downloaded over 5.8 million times. The real feature was to steal Facebook account passwords. All apps were free with ads. The ads could be deleted by entering the login credentials to the social network. The screen was the official Facebook one, but it hid a JavaScript code that intercepted the access data (username and password) and sent them to servers managed by cybercriminals. These are the “password stealer” apps: Processing PhotoPIP PhotoApp Lock KeepApp Lock ManagerLockit MasterInwell FitnessRubbish CleanerHoroscope PiHoroscope Daily If installed, users need to remove them immediately from their devices and scan with a good antivirus. It is strongly recommended that you avoid apps from unknown sources. Google has deleted the apps and closed developer accounts. Hopefully, the new restrictions can serve to limit the distribution of such apps.

Categories:   Security