Google is removing popular Android apps that stole Facebook passwords


Google is still racing to pull Android apps that commit major privacy violations. Ars Technica notes that Google removed nine apps from the Play Store after Dr. Web analysts discovered they were trojans that stole Facebook login information. These were not obscure titles: the malware had over 5.8 million downloads combined and appeared as readily available titles such as “Horoscope Daily” and “Garbage Cleaner”.

The apps deceived users by loading the actual Facebook login page, then loading JavaScript from the command and control server to “hijack” the credentials and forward them to the app (and thus to the command server). They would also steal cookies from the authorization session. Facebook was the target in every case, but the creators could simply have directed users to other online services.

There were five malware variants in the mix, but they all used the same JavaScript code and configuration file formats to steal information.
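A static triage heuristic for the pattern described above, as an added example that is not from the article or from Dr. Web's analysis. It assumes the apps used Android's WebView APIs (the article does not name them), and the sample sources are constructed.

```python
import re

# Android WebView API calls that together match the behaviour described above.
# Assumption: the article does not name the APIs the apps actually used.
INDICATORS = {
    "js_enabled": re.compile(r"\.setJavaScriptEnabled\(\s*true\s*\)"),
    "js_bridge": re.compile(r"\.addJavascriptInterface\("),
    "js_injected": re.compile(r'\.evaluateJavascript\(|\.loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r"CookieManager\b[^;]*\.getCookie\("),
    "login_page": re.compile(r"https://[\w.-]*facebook\.com/[\w./?=&-]*login", re.I),
}
CORE = {"login_page", "js_bridge", "js_injected"}

def scan_source(text):
    """Return the names of the indicators found in one decompiled source file."""
    return {name for name, rx in INDICATORS.items() if rx.search(text)}

def classify(hits):
    """Grade one file: the combination matters, not any single call."""
    if CORE <= hits:
        return "high" if "cookie_read" in hits else "medium"
    if {"login_page", "js_enabled"} <= hits:
        return "low"   # third-party login rendered in an embedded WebView
    return "none"

def scan_app(files):
    """Map path -> grade for every file of a decompiled app that is flagged."""
    grades = {path: classify(scan_source(src)) for path, src in files.items()}
    return {path: g for path, g in grades.items() if g != "none"}

# Constructed sample sources (not taken from any real app).
SAMPLE_APP = {
    "LoginActivity.java": r'''
        WebView w = new WebView(ctx);
        w.getSettings().setJavaScriptEnabled(true);
        w.addJavascriptInterface(new Bridge(), "app");
        w.loadUrl("https://m.facebook.com/login.php");
        w.evaluateJavascript(remoteScript, null);  // script text fetched at runtime
        String c = CookieManager.getInstance().getCookie(url);
    ''',
    "HelpActivity.java": r'''
        WebView w = new WebView(ctx);
        w.getSettings().setJavaScriptEnabled(true);
        w.loadUrl("https://help.example.com/faq");
    ''',
}

if __name__ == "__main__":
    print(scan_app(SAMPLE_APP))
```

String matching of this kind is defeated by reflection or packed code, so it suits triage of decompiled apps rather than a final verdict.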

Google told Ars it has denied access to all of the apps' developers, although this may not be much of a deterrent when the perpetrators can likely create new developer accounts. Google may need to check for the malware itself to keep attackers out.

The question, of course, is how the apps collected as many downloads as they did before the removal. Google’s largely automated review keeps a lot of malware out of the Play Store, but the subtlety of the technique may have helped the rigged apps slip past this defense and leave victims unaware that their Facebook data had fallen into the wrong hands. Whatever the cause, it is safe to say that you should be careful when downloading utilities from unknown developers, no matter how popular they may seem.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
