Careful! These Android apps can steal your Facebook password

Facebook: these Android apps can steal your password


Nowadays, it is normal to download applications for almost every everyday task, even for those once thought to be possible only in person, such as grocery shopping, paying bank bills, completing legal procedures, training, etc.

This situation intensified during the last pandemic year, which forced industries and people around the world to create digital alternatives to buy, sell, provide solutions, do paperwork, etc.


However, not all applications are secure. Many of them require a link with a platform or your Facebook credentials, a fact that may seem harmless but can become a real nightmare when cybercriminals are involved.

For this reason, the malware analysis and cybersecurity firm Dr.Web analyzed these applications and discovered that at least ten of the most used apps on Google Play have stolen Facebook passwords using this procedure.


New modus operandi of cybercriminals

Criminals have used Trojans to steal users' Facebook logins and passwords when users link their accounts while creating a profile in an app, or when they accept the usage policies on downloading it.

Another way they gain users' trust or empathy is by offering the option to disable ads as long as users log into their Facebook account. Evidently, most users agreed in order to remove the advertising and were presented with a Facebook login prompt requesting their username and password.

What those applications did was load JavaScript capable of stealing the user's login credentials. All this information was then sent to the attackers' servers. The Trojans were equally capable of stealing the cookies of the current authorization session.

Apps responsible for the most attacks

Applications / number of installations

  • App Lock Keep: downloaded at least 50,000 times
  • App Lock Manager: downloaded at least 10,000 times
  • Horoscope Daily: installed more than 100,000 times
  • Horoscope Pi: more than 1,000 installations
  • Inkwell Fitness: a fitness application with more than 100,000 installations
  • Lockit Master: downloaded at least 5,000 times
  • PIP Photo: an image editing application with more than 5 million installations
  • Processing Photo: photo editing software installed more than 500,000 times
  • Rubbish Cleaner: an application aimed at optimizing Android performance, downloaded more than 100,000 times
  • A tenth app, EditorPhotoPip, was also discovered, but it was not available on Google Play.

How did Google respond to the situation?

After Google was informed about the attacks, all the apps were deleted from the Google Play Store. However, the removal does not apply to those who already have the apps installed. If this is your case, the recommendation is to change your Facebook password.
