It turns out that 10 apps with a total of 5.8 million downloads have stolen Facebook passwords

× Security

Security company Dr.Web has released 10 malware apps that steal Facebook login information. Nine of these ten were available on Google Play, with a total of 5.8 million downloads. Android trojans steal Facebook users' logins and passwords https://news.drweb.com/show/?i=14244&lng=en Apps with 5.8 million Google Play downloads stole users' Facebook passwords | Ars Technica https://arstechnica.com/ gadgets / 2021/07 / google-boots-google-play-apps-for-stealing-users-facebook-passwords/ Of the 10 types of malware apps revealed by Dr.Web, the ones published on Google Play , " PIP Photo " " Processing Photo " " Rubbish Cleaner " " Inwell Fitness " " Horoscope Daily " " App Lock Keep " " Lockit Master " " Horoscope Pi " " App Lock Manager " 9 types.

The feature of the app identified this time is that the functions themselves can be used without any inconvenience. The trick to steal Facebook user information was that when using the app, you would be asked to "log in with your Facebook account to disable in-app advertising." The following is the screen.

Tap "LOG IN WITH FACE BOOK" to move to the Facebook login form. According to Dr.Web, the login form itself is genuine, but the username and password entered in this login form were sent by malware to the attacker's server.

The total number of downloads of these 9 types was 5,856,010 times, and among them, "PIP Photo" has a total number of downloads of over 5 million times, which is considered to have been particularly damaging. Five types of malware have been identified in these apps, three of which are Android native apps and two of which are created by the Flutter framework, but with the same file format settings for code that steals user data. Since it uses the same JavaScript code as, Dr.Web refers to these five variants as variants of the same malware. For these 5 types, " Android.PWS.Facebook.13 " " Android.PWS.Facebook.14 " " Android.PWS.Facebook.15 " " Android.PWS.Facebook.17 " " Android.PWS.Facebook.18 " I am waving the identifier. Of these, "Android.PWS.Facebook.15" included an additional function to generate a part of the log file in Chinese, so Dr.Web may have been created in Chinese-speaking countries. I point out.

At the time of publication of the article, these 9 types of apps have been deleted from Google Play.

Copy the title and URL of this article

・ Related article It is clear that 128 million iPhone users have installed apps containing malware --GIGAZINE Over 44 billion yen "continues to charge secretly even after deleting apps" fraudulent apps are on the App Store Making money on Google Play-GIGAZINE It has been pointed out that 533 million user data leaked from Facebook, which is the worst data leak in history-GIGAZINE

・ Related content

Tweet Tweet

in security, Posted by log1k_iy

You can read the machine translated English article here.