Google Bans Several Android Apps For Stealing Facebook Passwords


This week Google took swift action and banned several apps from the Google Play Store for being malicious and stealing Facebook passwords. Unfortunately, these apps had nearly 5.8 million combined downloads.

Researchers at DrWeb recently discovered 10 malicious apps, nine of which were available on Google’s app store. These weren’t random programs you’d never think to download, either. Infected apps were easy-to-find titles like “Horoscope Daily” and “App Lock Manager.”

According to DrWeb’s analysis, the applications could trick users by loading the real Facebook sign-in page and then sneakily loading JavaScript from a command-and-control server, which could obtain both the login credentials and passwords. Facebook was the target for all of the apps, and they even managed to steal cookies from the authorization session.
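A static triage heuristic for the behavior described above, added here as an example and not taken from DrWeb or the original article: it scans decompiled app source for an embedded Facebook login page combined with dynamically supplied JavaScript and a way to read data back out. The indicator set, verdict labels, and both sample snippets are assumptions constructed for illustration.

```python
import re

# Heuristic indicators (assumed set), matched against decompiled Java/Kotlin source.
INDICATORS = {
    "facebook_login_url": re.compile(r"https?://(?:www\.|m\.)?facebook\.com/login", re.I),
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)|javaScriptEnabled\s*=\s*true"),
    "js_bridge": re.compile(r"addJavascriptInterface\s*\("),
    # Script passed as a variable or concatenation, not a fixed string literal.
    "dynamic_js": re.compile(r'evaluateJavascript\s*\(\s*[^"\s)]|loadUrl\s*\(\s*"javascript:"\s*\+'),
    "cookie_read": re.compile(r"\.getCookie\s*\("),
}

def triage(source: str) -> dict:
    """Return matched indicators (name -> 1-based line numbers) and a verdict."""
    hits = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    embeds_login = "facebook_login_url" in hits and "js_enabled" in hits
    readback = "js_bridge" in hits or "cookie_read" in hits
    if embeds_login and "dynamic_js" in hits and readback:
        verdict = "high"    # login page + injected script + a path to read data back
    elif embeds_login:
        verdict = "review"  # an embedded login page alone deserves a manual look
    else:
        verdict = "none"
    return {"verdict": verdict, "hits": hits}

# Constructed sample, not taken from the apps in the report.
SAMPLE_FLAGGED = '''
WebView view = new WebView(context);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("https://www.facebook.com/login.php");
view.loadUrl("javascript:" + remoteScript);
String session = CookieManager.getInstance().getCookie(pageUrl);
'''

# Constructed sample: a WebView that only shows a static help page.
SAMPLE_BENIGN = '''
WebView view = new WebView(context);
view.loadUrl("https://example.com/help.html");
'''

if __name__ == "__main__":
    for label, src in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, triage(src))
```

A "high" verdict is a prompt for manual analysis, not proof of malice, since string matching misses obfuscated or reflectively invoked calls.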

infected Android apps
Dr. Web

We’re not sure how these apps got past Google’s defenses and managed to rack up so many downloads. However, it looks like being fully functioning apps for horoscopes, cleaning your phone, app lock managers, and more is what made them popular. People using them still had a functional app and didn’t think it could be malicious.

Google has completely banned all nine apps and their developer from the Play Store, but that’s only half the battle. They’ll likely resurface in another form.

Anyone who has downloaded one of the above apps should remove it immediately and check their Facebook account for signs of being compromised. And it goes without saying, but if you had any of these apps, change your Facebook password and the password on any account that uses the same one.

via Engadget