
Beware Of Apps Stealing Facebook Credentials

Android’s popularity needs no introduction. It holds a major share in the operating system market. And, one thing that adds to its popularity is the ocean of apps that it provides. Out of several sources available, Google Play is said to be the most trusted place to install these apps.

However, quite recently, as per a report published by security firm Doctor Web, a few apps on the Play Store were found stealing users’ Facebook data. More specifically (and shockingly), 9 out of 10 Trojan-infected apps belonged to Google Play Store. Google has removed these nine malicious Android apps, which together had over 5.8 million downloads.

The report came just a few days after Google released stringent developer guidelines under which developers are asked to set up 2-step verification, furnish physical addresses, and follow other best practices, all meant to keep malicious apps and fraudulent developers from entering the Google Play Store.

The 9 Culprit Google Play Store Apps Stealing Facebook Credentials

[Image: Google Play Store apps. Source: drweb]
  • Processing Photo (photo editing software) – 500,000+ downloads
  • App Lock Keep (App Lock) – At least 50,000 downloads
  • App Lock Manager (App Lock) – At least 10,000 downloads
  • Lockit Master (App Lock) – At least 5,000 downloads
  • Rubbish Cleaner (App To Improve Android Optimization) – 100,000+ downloads
  • Horoscope Daily (Astrology App) – 100,000+ downloads
  • Horoscope Pi (Astrology App) – 1000+ downloads
  • Inwell Fitness (Fitness App) – 100,000+ downloads
  • PIP Photo (Image Editing App) – 5,000,000+ downloads

How Did These Apps Work?

[Image: Facebook logins. Source: drweb]

First, the apps were disguised as fully functional and harmless, so a user could hardly notice anything suspicious.

Next, this is how these apps went about stealing users’ login credentials. Some of them tried to persuade users to log in to their Facebook accounts with their user ID and password in exchange for ad-free services.

Once a user clicked on the login button, the apps loaded a legitimate-looking Facebook webpage into a WebView. After that, they loaded JavaScript received from the C&C server into the same WebView. The script was used to hijack the login credentials the user entered.

It didn’t stop there: the cookies from the current authorization were also stolen and sent to the cybercriminals.
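For readers who review decompiled apps, here is a small triage sketch for the pattern described above: a Facebook page in a WebView combined with script injection or cookie access. It is an added example, not code from the Doctor Web report; the indicator names, regexes and the two Java snippets are constructed for illustration.

```python
import re

# Heuristic indicators (assumptions for this example, not Dr.Web signatures).
# They match standard Android API calls in decompiled Java source.
INDICATORS = {
    "facebook_login_in_webview": re.compile(
        r'loadUrl\(\s*"https?://(?:www\.|m\.)?facebook\.com/[^"]*"', re.I),
    "script_injected_into_page": re.compile(
        r'evaluateJavascript\s*\(|loadUrl\(\s*"javascript:', re.I),
    "cookies_read_by_app": re.compile(r'CookieManager\b[^;]*\.getCookie\s*\('),
}

def triage(source: str) -> dict:
    """Return matched indicators and whether the combination looks risky."""
    hits = sorted(name for name, rx in INDICATORS.items() if rx.search(source))
    # A Facebook page in a WebView can be legitimate on its own; the behaviour
    # described above needs that page plus injected script or cookie access.
    risky = "facebook_login_in_webview" in hits and len(hits) >= 2
    return {"hits": hits, "suspicious": risky}

# Constructed sample: mirrors the described flow (login page, script, cookies).
SUSPICIOUS_SAMPLE = """
WebView view = findViewById(R.id.login);
view.getSettings().setJavaScriptEnabled(true);
view.loadUrl("https://www.facebook.com/login.php");
String script = fetchRemoteConfig();  // hypothetical helper
view.evaluateJavascript(script, null);
String c = CookieManager.getInstance().getCookie("https://www.facebook.com");
"""

# Constructed sample: an ordinary in-app help page.
BENIGN_SAMPLE = """
WebView help = findViewById(R.id.help);
help.loadUrl("https://example.com/help");
"""

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, triage(src))
```

A hit is a reason to look closer at the app, not proof of malice, since obfuscated code can hide these calls and legitimate apps can use them.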

How Can You Put Your Guard Up Against Malicious Android Apps?

Even though most of the apps have been removed, the danger is far from gone. Knowing that attackers can get past a trusted platform like Google Play Store, installing an app is not just about heading to a platform and clicking the install button. It’s a little more than that, and that “little more” can be the difference between falling prey to a Trojan and staying safe.

We are not saying that you shouldn’t download apps, but we would like to emphasize caution, starting with the above-mentioned apps. Here are certain measures you can take before you install apps, whether from Google Play Store or any other source –

  • If you have used any of the above-mentioned apps, you need to change your Facebook password right away. This would prevent the Trojan from further stealing your Facebook login credentials or causing you any other damage.
  • Download antimalware for Android, so that any possible dangerous remnants can be removed. Here are some of the best anti-malware apps for Android.

Systweak Anti-Malware App

Systweak Anti-Malware, for instance, is one of the best security apps for Android. Here are some of its notable features –

  • Real-time 24*7 protection from any incoming attacks
  • Web protection
  • Automatic malware detection
  • Clean malware with a single click
  • Schedule scans daily or weekly
  • Have a glance at what permissions you might be giving to an app
  • White list apps right from within the app


  • It is highly advisable to download apps only from trusted sources. Never fall prey to unwarranted WhatsApp texts, SMS, or any other social media invites that may rope you into downloading apps.
  • Even if you are on a trusted platform like Google Play Store, make sure that you go through the reviews of the app. Don’t just stop there – keep your eyes and ears open for any latest scams, fraudulent practices, or data breaches that the app might be subjected to.
  • Make sure that you go through the developer details and ensure that the app comes from a trusted developer.
  • Always review app permissions. We have covered in detail how you can personalize app permissions as per your requirements to up your privacy game. With attacks like the above, we as users need to be extra cautious –

For example, a photo editing app may ask permission to access your camera but if a kids’ games app is asking permission to access your contacts or camera, there’s something fishy.

Wrapping Up

Android lets you delve into a wonderful world of apps, but when these apps start to act up and do things such as steal Facebook login credentials, things can go awry. We hope that with the above blog we have armed you with some techniques to steer clear of any such apps. If you found the blog helpful, do share it with people you care about. For more such content, keep reading Tweak Library.
