Ten apps, nine of which are available on the Google Play Store (the Android app store), have been identified as stealing login and password information from Facebook users who downloaded them thinking they were legitimate tools.
The malicious applications were discovered by researchers at Dr. Web, the developer of the antivirus of the same name, based in Moscow, Russia. According to them, the apps together total more than 5 million downloads. They are:
- PIP Photo, with 5 million downloads;
- Processing Photo, with more than 500,000 downloads;
- Rubbish Cleaner, with over 100,000 downloads;
- Horoscope Daily, with more than 100,000 downloads;
- Inwell Fitness, with over 100,000 downloads;
- App Lock Keep, with over 50,000 downloads;
- Horoscope Pi, with over a thousand downloads;
- App Lock Manager, with just over 10 downloads.
As the researchers explain, the apps have been disguised as legitimate tools (such as video editing, data cleaning, horoscope lookup, exercise and secure data storage) but they hide a dangerous Trojan capable of stealing login and password records stored on the victim’s smartphone.
The company says it has contacted Google, which has removed some of the apps listed. “After the report, […] part of these malicious apps have been removed from Google Play,” the researchers write. The Hack searched Google Play for the apps and, luckily, didn’t find any.
Same code, same malware
The apps were fully functional and displayed ads, which made users more likely to keep them on their smartphones. To disable the ads, however, all the user had to do was log in with Facebook, and it was at that login that the data was stolen.
“After the victim logged into their Facebook account, the trojans also stole cookies from the current authorization session. These cookies were also sent to cybercriminals,” the researchers explain.
Dr. Web researchers recommend that users download applications only from trusted sources. Otherwise, users should look for user ratings and other information about the apps and their developers on the web.
“You should also pay attention to when and which apps ask you to log in to your account. If you’re not sure what you’re doing is safe, it would be better not to go ahead and uninstall the suspicious program,” they conclude.