Nine apps in Google Play were found to steal users’ Facebook passwords

According to reports, Google recently announced that nine Android apps in the company’s Play Store have been downloaded more than 5.8 million times. Researchers previously claimed that these apps stole users’ Facebook login information in a despicable way.

According to a post published by the security company Dr. Web, these applications provided fully functional services in order to win users’ trust and lower their vigilance. The services included photo editing and color picking, exercise and training, astrology, and removing junk files from Android devices.

All of the identified apps offered users the option to log in to their Facebook account in order to disable in-app advertising. Users who chose this option saw a real Facebook login form with fields for entering a username and password.

Dr. Web’s researchers wrote:

“These Trojans use a special mechanism to deceive their victims. After receiving the necessary settings from a C&C server at startup, they load the legitimate Facebook page https://www.facebook.com/login.php into the WebView. Next, they load the JavaScript received from the C&C server into the same WebView. The script is directly used to hijack the entered login credentials. After that, the JavaScript, using the method provided by the JavascriptInterface annotation, passes the stolen login name and password to the Trojan application, which transmits the data to the attacker’s C&C server. After the victim logs in to their account, the Trojans also steal cookies from the current authorized session. These cookies are also sent to the cybercriminals. Analysis of the malicious programs showed that they all received settings to steal the login name and password of the Facebook account. However, an attacker can easily change the Trojans’ settings and order them to load a web page of another legitimate service. They can even use completely fake login forms on phishing websites. Therefore, the Trojans may be used to steal the login name and password of any service.”


Researchers discovered five malware variants hidden in these applications. Three of them are native Android apps, and the other two use Google’s Flutter framework, which is designed for cross-platform compatibility. Dr. Web pointed out that it classifies all of them as the same kind of Trojan because they use the same configuration file format and the same JavaScript code to steal user data.

Dr. Web identified these variants as:

  • Android.PWS.Facebook.13
  • Android.PWS.Facebook.14
  • Android.PWS.Facebook.15
  • Android.PWS.Facebook.17
  • Android.PWS.Facebook.18
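Because the login URL and the script arrive from the C&C server at run time, a hard-coded Facebook address is not a reliable signature. The sketch below is an added example, not code from Dr. Web or from the apps: it flags decompiled source that combines a JavaScript bridge with script supplied at run time, and escalates when session cookies are also read. The verdict names, the `config` object and both sample snippets are constructed assumptions.

```python
import re

# Each pattern matches a real Android API use in decompiled Java/Kotlin source.
INDICATORS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "js_bridge": re.compile(r'addJavascriptInterface\(|@JavascriptInterface'),
    # Script passed as a variable or concatenation, i.e. not fixed at build time.
    "dynamic_script": re.compile(
        r'evaluateJavascript\(\s*[A-Za-z_]|loadUrl\(\s*"javascript:"\s*\+'),
    "cookie_read": re.compile(r'CookieManager\b.*getCookie\('),
}
# The combination the researchers describe: bridge + run-time supplied script.
CORE = {"js_bridge", "dynamic_script"}

def scan(sources):
    """Return {indicator: [(file, line_no), ...]} for a {file: text} mapping."""
    hits = {name: [] for name in INDICATORS}
    for path, text in sources.items():
        for no, line in enumerate(text.splitlines(), 1):
            for name, rx in INDICATORS.items():
                if rx.search(line):
                    hits[name].append((path, no))
    return hits

def verdict(hits):
    """'low' without the core pair, 'review' with it, 'escalate' if cookies are read too."""
    present = {name for name, locs in hits.items() if locs}
    if not CORE <= present:
        return "low"
    return "escalate" if "cookie_read" in present else "review"

# Constructed samples for illustration (not taken from any real app).
SUSPECT = {"LoginActivity.java": '''
WebView w = findViewById(R.id.web);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl(config.getString("url"));
w.evaluateJavascript(config.getString("script"), null);
String c = CookieManager.getInstance().getCookie(config.getString("url"));
'''}
BENIGN = {"HelpActivity.java": '''
WebView w = findViewById(R.id.web);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://example.com/help");
w.evaluateJavascript("document.title", null);
'''}
```

A "review" or "escalate" verdict is a triage signal for manual analysis, since legitimate hybrid apps also use JavaScript bridges.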

Most of the downloads come from an application called PIP Photo, which has been downloaded more than 5.8 million times. Next is Processing Photo, which has been downloaded more than 500,000 times. The remaining applications are:

  • Rubbish Cleaner: over 100,000 downloads
  • Inwell Fitness: over 100,000 downloads
  • Horoscope Daily: over 100,000 downloads
  • App Lock Keep: over 50,000 downloads
  • Lockit Master: over 5,000 downloads
  • Horoscope Pi: 1,000 downloads
  • App Lock Manager: 10 downloads

All of these applications have now been removed from Google Play. A Google spokesperson said that the company has also banned the developers of all 9 apps from its app store, which means they will not be allowed to submit new apps.

Google’s approach is correct, but this is only a small obstacle for developers because they only need to pay $25 to register a new developer account with a different name. Anyone who has downloaded the above apps should carefully check their devices and Facebook accounts to see if there are any signs of compromise.
