Popular Play Store Apps Steal Facebook Credentials

Popular Play Store Apps Steal Facebook Credentials

Tracy LeBlanc/Pexels

The Google Play Store and the Apple App Store are two of the most popular sources to get apps for different platforms: you can find anything from health, well-being and social media apps to all sorts of games.
Everyone uses these two sources as they are widely believed to be the most secure, but it seems like Google’s Play Store keeps seeing its share of trouble.

Its Store app now has a long history of being questioned, with app-related incidents happening time and time again. While most of the apps in the Store are safe to use, every now and then, some of them prove that whoever was in charge of putting them up in the Play Store was not paying a lot of attention.

According to a report, a number of apps were created to obtain sensitive information. There were 9 apps in total that were reported recently, all of which had been downloaded millions of times. For example, one of them was PIP Photo, with over 5 million downloads and Horoscope Daily along with Inwell Fitness with over 100,000 downloads each.

While the apps still did the job they were expected to, they, in fact, contained trojans that gained the users’ Facebook credentials which, in turn, allowed access to those who created the malware to their social media accounts.

How this happened was quite simple, from a software point of view. Dr. Web explained it best in the report that detailed the situation:

“These trojans used a special mechanism to trick their victims. After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to highjack the entered login credentials.
After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.

The apps in question have been reported and removed from the Google Play Store, but, considering the high number of downloads, the users have been advised to scan their phones and reset their Facebook passwords, just to be on the safe side.


Subscribe to our website and stay in touch with the latest news in technology.

Popular Play Store Apps Steal Facebook Credentials
Click to comment

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To Top