Remove These Malicious Android Apps That Have Stolen Facebook Passwords

Researchers at Dr.Web have found nine applications with over 5.8 million downloads that secretly steal Facebook user passwords using a genuine Facebook login page. At the time of writing, Google has blocked the developer and removed these nine apps from the Play Store, but if you’ve downloaded any of them, it’s time to change your passwords.

How did apps steal data?

According to researchers from Dr.Web , the developer, Chikumburahamilton, has created full-featured applications for photo editing, workouts, horoscopes and garbage collection (among other things). After a while, these apps will prompt users to log in with Facebook in order to unlock all the functions of the app.

When users did this, the application launched their own C&C server (a developer-controlled Command-and-Control server used to copy and store data from a web page). After receiving the settings from the C&C server, the application loaded and then loaded the legitimate Facebook login page.

The application then uploaded the JavaScript received from the C&C server to the Facebook login page (JavaScript code is universal and can be inserted at any time, even when the user just clicks on the text field). This Javascript code was then used to copy the username and password.

JavaScript then passed the copied data to the application, which in turn passed it to the application’s C&C server, where it was saved. After the user logged into the application, the application also stole the cookies from the currently authenticated session, which in turn were sent to the cybercriminals.

In this case, the apps only used the genuine Facebook login page. But because of the way JavaScript and C&C servers work, they could easily do this with any service that required a login.

What can you do about this?

The first thing you need to do is check if you are running one of these nine applications:

  1. Photo PIP
  2. Photo processing
  3. Garbage cleaner
  4. Inwell fitness
  5. Daily horoscope
  6. Keep App Lock
  7. Lokit Master
  8. Pi horoscope
  9. App Lock Manager

If you have any of these apps installed, uninstall the app first.

Then, if you’ve used Facebook login with the app, you need to reset your password immediately .

Then stay alert. Use a trusted antivirus application like Malwarebytes to detect applications with malicious code. Whenever possible, avoid connecting third-party services like Facebook to random apps downloaded from the Play Store. Because of the way the Play Store works, it’s easy for developers to re-login and re-submit apps even after they’ve been uninstalled (a developer license only costs $ 25).

Finally, enable two-factor authentication for any site that allows it and pair it with a password manager . This will help you create and store long passwords securely. And even if a website leak reveals your password, two-factor authentication will keep you safe from hackers.

[ Ars Technica ]


Leave a Reply

Your email address will not be published. Required fields are marked *