Doctor Web malware analysts discovered a collection of nine malicious Google Play apps that were stealing Facebook users’ logins and passwords. These trojanized apps pretended to be legitimate software and were downloaded 5,856,010 times.
The apps pretended to be utility apps, such as Horoscope Daily and Rubbish Cleaner, according to malware analysts. The victims, on the other hand, were completely oblivious that they were downloading a malicious app onto their devices.
After installation, these apps notify users that they must log in to their Facebook accounts in order to access all of the app’s features. Their usernames and passwords are collected once they have logged in. Ads within a number of these apps were also utilised to persuade Android device owners to perform some specific actions.
Hackers gather usernames and passwords in order to utilise them in credential stuffing attacks, which could give them access to their victims’ other accounts.
Android.PWS.Facebook.13, Android.PWS.Facebook.17, Android.PWS.Facebook.14, and Android.PWS.Facebook.18 are the apps that have been discovered. They all utilise the same code, with minor differences.
Google has removed these fraudulent apps from the Play Store. This isn’t the first time malicious apps have been discovered in the Google Play Store. Didi Chuxing, a Chinese ride-hailing app, was recently removed from local app stores. The app was discovered to be in violation of data protection laws.