Google has removed nine harmful Android apps from the Play Store after they were found to have stolen user’s Facebook password.
These programs offer photo editing, astrology, good advice apps and fitness apps approximately over 5.8 million downloads. Following the discovery of the anti-virus company Dr. Web, Google has downloaded programs that are Trojans designed to steal this feature.
All apps require users to log into their Facebook accounts to provide additional services and to opt out of notifications. After users log into the official Facebook page, the app authors steal their JavaScript number for Access Commands and Control Server (C2).
These apps also steal cookies from your existing license and pass them on to cybercriminals. Although Facebook is targeting everything, bad agents will easily be able to redirect users to other popular services, the researchers said.
These programs had five types of malware, all using the same JavaScript code. Although Dr. Webb’s report does not suggest that, due to the vast availability of facilities, the number of eligible users could be stolen, the number could be in the thousands.
Harmful Android Apps those are removed are;
- Processing Photo (5 lacs+ downloads)
- PIP Photo (5 lacs+ downloads)
- Horoscope Daily (1 lac+ downloads)
- Inwell Fitness (1 lac+ downloads)
- Rubbish Cleaner (1 lac+ downloads)
- App Lock Keep (50 thousand+ downloads)
- Lockit Master (5 thousand+ downloads)
- App Lock Manager (1 thousand+ downloads)
- Horoscope Pi (1 thousand+ downloads)
Users who have already downloaded any of these nine harmful android apps should uninstall the app and change their Facebook password there. They should do the same for any other platforms where they use the same text for access.
The announcement comes just days after Google broadcasted new Play Store features as part of its efforts to combat fraud and miscalculation improvements. Google now requires developers to provide their addresses and images for their communications.
This is not the first time security researchers have detected malware in the Google Apps Store. In 2018, researchers at cybersecurity firm Sophos said they found JavaScript code to encrypt in 19 Android apps. In 2019, ESET claimed to contain exposed 42 adware programs. And that served unwanted ads to users as part of its monetization scheme.
The best way is to avoid joining through facebook. Rather use mail account which doesn’t have much to do with authentic data of yours. Hence quickly get rid of those harmful android apps from your smartphone.