Android Apps with 5.8 million Installs Stealing Facebook Passwords

The_King

The_King

Level 12
Thread author
Verified
Top Poster
Well-known
Aug 2, 2020
549
Content source
https://thehackernews.com/2021/07/android-apps-with-58-million-installs.html
Google intervened to remove nine Android apps downloaded more than 5.8 million times from the company's Play Store after the apps were caught furtively stealing users' Facebook login credentials.

"The applications were fully functional, which was supposed to weaken the vigilance of potential victims. With that, to access all of the apps' functions and, allegedly, to disable in-app ads, users were prompted to log into their Facebook accounts," researchers from Dr. Web said. "The advertisements inside some of the apps were indeed present, and this maneuver was intended to further encourage Android device owners to perform the required actions."

The offending apps masked their malicious intent by disguising as photo-editing, optimizer, fitness, and astrology programs, only to trick victims into logging into their Facebook accounts and hijack the entered credentials via a piece of JavaScript code received from an adversary-controlled server
Click to expand...
The list of apps are as follows -

  • PIP Photo (>5,000,000 installs)
  • Processing Photo (>500,000 installs)
  • Rubbish Cleaner (>100,000 installs)
  • Horoscope Daily (>100,000 installs)
  • Inwell Fitness (>100,000 installs)
  • App Lock Keep (50,000 installs)
  • Lockit Master (5,000 installs)
  • Horoscope Pi (>1,000 installs)
  • App Lock Manager (10 installs)

In the last link of the attack, the stolen information was exfiltrated to the server using the trojanized applications.
Click to expand...
 
  • Like
  • Wow
  • +Reputation
Reactions: CyberTech, Deletedmessiah, Gandalf_The_Grey and 8 others
upnorth

upnorth

Level 68
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
JoyousBudweiser said:
How do people find these apps to install it on their system....
Click to expand...
I can't say conclusive it's what happened here, as I also haven't read everything deep enough, but many times malicious apps and software are propagated/advertised with something called SEO poisoning ( Search Engine Poisoning ).
www.zscaler.com

Ubiquitous SEO Poisoning URLs

SEO poisoning, also known as search engine poisoning, is an attack method that involves creating web pages packed with trending keywords in an effort to trick search
www.zscaler.com www.zscaler.com
It's a cleaver way of getting search results higher up and seen faster.
 
  • Like
  • Wow
Reactions: Venustus, CyberTech, Brahman and 2 others
Thiagoo

Thiagoo

Level 3
May 10, 2021
66
Sometimes i feel like the app verification system on Play Store is either very bad and lazy or nonexistent. Every single year i see a bunch of news like that :unsure:

But like, it's not only Play Store verification that is bad, Android itself is way too insecure on my view, like still relying on outdated (and potentially vulnerable) libraries.
 
  • Like
Reactions: Venustus, CyberTech, Brahman and 1 other person
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • +Reputation
Android adware apps on Google Play amass two million installs
Replies
0
Views
841
News Archive
CyberTech
CyberTech
Gandalf_The_Grey
    • Like
    • Wow
    • +Reputation
Malware News Over 200 malicious apps on Google Play downloaded millions of times
Replies
1
Views
1,181
Security News
Digmor Crusher
Digmor Crusher
lokamoka820
    • Like
    • +Reputation
Malware News Android malware 'Necro' infects 11 million devices via Google Play
Replies
1
Views
1,584
Security News
i7ii
i7ii

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top