Google has removed nine Android apps from its Play Store after researchers discovered that the apps were stealing Facebook login credentials. These include the PIP Photo app, which has been downloaded 5.8 million times.
Security company Dr. Web found ten rogue apps that collected Facebook logins. Nine of them were on the Play Store. These are apps with different functions, such as photo editing, Android cleaning, and horoscope apps.
All apps offered an option to turn off ads by logging into Facebook. This option brought up the Facebook login screen in a WebView. A script loaded from the C&C server then hijacked the entered credentials and passed them to the server. After the user logged in to the social network, the malware also stole the authentication cookie.
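A static triage heuristic for the behaviour described above (Facebook login page opened in a WebView, combined with a way to inject script or read cookies), as an added example that is not from Dr. Web or the original article. The indicator set, the function name `triage` and both source snippets are constructed assumptions for illustration.

```python
import re

# Indicator name -> pattern over decompiled Java/Kotlin source text.
# The indicator set is an assumption chosen to mirror the article's description.
INDICATORS = {
    # Facebook login page opened inside the app's own WebView
    "facebook_login_in_webview": re.compile(
        r'loadUrl\(\s*"https?://[^"]*facebook\.com/[^"]*login', re.I),
    # Java object exposed to page script (lets script hand data to the app)
    "js_bridge": re.compile(r'\baddJavascriptInterface\s*\('),
    # Script pushed into the loaded page at runtime
    "runtime_js_injection": re.compile(
        r'\bevaluateJavascript\s*\(|loadUrl\(\s*"javascript:', re.I),
    # Session cookies read back out of the WebView
    "cookie_read": re.compile(r'CookieManager\b[^;]*\.getCookie\s*\('),
}
CAPTURE = {"js_bridge", "runtime_js_injection", "cookie_read"}

def triage(source: str) -> dict:
    """Flag source that loads the Facebook login page in a WebView AND
    has at least one way to capture what the user enters or receives."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(source))
    suspicious = "facebook_login_in_webview" in hits and bool(CAPTURE & set(hits))
    return {"hits": hits, "suspicious": suspicious}

# Constructed sample: API skeleton matching the article's description.
SAMPLE_FLAGGED = '''
WebView w = findViewById(R.id.web);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://www.facebook.com/login.php");
String session = CookieManager.getInstance().getCookie(url);
'''

# Constructed sample: a help screen with a JS bridge on the app's own pages.
SAMPLE_BENIGN = '''
WebView help = findViewById(R.id.help);
help.getSettings().setJavaScriptEnabled(true);
help.addJavascriptInterface(new HelpBridge(), "help");
help.loadUrl("https://example.com/help/index.html");
'''

if __name__ == "__main__":
    for name, src in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, triage(src))
```

A hit is a reason for manual review, not a verdict: the login URL can be built at runtime or delivered by the server, so absence of a match does not clear an app.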
Dr. Web classifies the malware as a trojan and calls it Android.PWS.Facebook.15. There are many variants of this malware in circulation. The removed apps are PIP Photo, Processing Photo, Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi and App Lock Manager. PIP Photo was the most popular app, with 5.8 million downloads, and Processing Photo was the next most popular with half a million downloads, but App Lock Manager, for example, had only 10 downloads, according to the Play Store.