Beware Of Apps Stealing Facebook Credentials

Android’s popularity needs no introduction. It holds a major share in the operating system market. And, one thing that adds to its popularity is the ocean of apps that it provides. Out of several sources available, Google Play is said to be the most trusted place to install these apps.

However, quite recently, as per a report published by security firm Doctor Web, there were few apps on the Play Store that were found stealing users’ Facebook data. More specifically (and shockingly)  9 out of 10 Trojan infected apps belonged to Google Play Store. Google has removed these malicious nine Android apps whose cumulative download was over 5.8 million.

The report has come just a few days after Google released stringent developer guidelines where developers are asked to set up 2-step verification, furnish physical addresses, and follow other best practices to combat malicious apps or fraudulent developers from entering the Google Play Store.

The 9 Culprit Google Play Store Apps Stealing Facebook Credentials

• Processing Photo (photo editing software) – 500,000+ downloads
• App Lock Keep (App Lock) – At least 50,000 downloads
• App Lock Manager (App Lock) – At least 10,000 downloads
• Lockit Master (App Lock) – At least 5,000 downloads
• Rubbish Cleaner (App To Improve Android Optimization) – 100,000+ downloads
• Horoscope Daily (Astrology App) – 100,000 + downloads
• Horoscope Pi (Astrology App) – 1000+ downloads
• Inwell Fitness (Fitness App) – 100,000+ downloads
• PIP Photo (Image Editing App) – 5,000,000+ downloads

How These Apps Worked?

First, the apps were disguised as fully functional and harmless because of which a user could hardly sniff anything suspicious.

Next, this is how these apps went about stealing the login credentials of users. Some of these apps tried to persuade users to login into their Facebook accounts using user ID and password in exchange to provide them ad-free services.

Once a user clicked on the login button, the apps loaded a legit-looking Facebook webpage into the web view. Post that, they loaded a javaScript that they got from the C&C server into the same WebView. The script was used to hijack the user-defined login credentials.

It didn’t just stop there, even the cookies from current authorization were stolen that were sent to cybercriminals.

How Can You Put Your Guard-Up Against Malicious Android Apps?

• Download a reliable mobile security application for Android, so that any possible dangerous remnants can be removed. Here are some of the best anti-malware apps for Android.

Our Personal Recommendation – Smart Phone Cleaner

Smart Phone Cleaner, designed and distributed by Systweak Software is one the best Android cleaner and security apps for Android. The application is equipped with dozens of modules for smartphone cleaning, optimization and protection. Its Malware Protection works with advanced algorithms to safeguard your mobile against potential viruses, malware, adware, spyware and other infections.

Here are some of its notable features:

• Real-time 24*7 protection from any incoming attacks.
• Automatic malware detection.
• Clean malware with a single click.
• Schedule scans daily or weekly.
• Have a glance at what permissions you might be giving to an app.
• White list apps right from within the app.
• An inbuilt privacy browser to hide user history and protect their browsing data.
• No invasive advertising with their premium features.
• Tons of modules to clean and optimize your device for maximizing speed & overall performance.

Wrapping Up

Android lets you delve into a wonderful world of apps but when these apps start to act up and do stuff such as steal Facebook login credentials, can things go awry. Hope with the above blog, we have armed with some techniques to steer clear from any such apps. If you found the blog to be helpful do share it with people you care about. For more such content, keep reading Tweak Library.