Android App Steal Facebook Password
10 Apps available via Google Play have been caught stealing FB logins and passwords
The Devil’s Ten
As it turns out, at least 10 Android apps can nick your sensitive data. Namely, your Facebook logins and passwords. The frightening discovery has been made by the antivirus company Dr. Web.
Here’s the list of 9 malware-apps — 10th has been removed:
- Processing Photo. A photo-editing application that’s been installed 500,000 times. Authored by chikumburahamilton, it steals Facebook data.
- App Lock Keep. An access manager app by Sheralaw Rence.
- Rubbish Cleaner. An optimization tool by SNT.rbcl.
- App Lock Manager. By Implummet col, it specializes in access control.
- Lockit Master. By Enali mchicolo.
- Horoscope Daily. App with astrological forecasts by HscopeDaily.
- Horoscope Pi. A similar, but less popular app by Talleyr Shauna.
- Inwell Fitness. A shape-up app with half a million downloads by Reuben Germaine.
- PIP Photo. A pretty well-known photo editor with 5 millions downloads from Lillians.
There’s also another version of PIP Photo — EditorPhotoPip. It’s not available in Google Play anymore, but you still can find it on various apk-aggregating web services, so be careful.
All of these apps are infected with the trojan virus file classified as Android.PWS.Facebook, which steals account data.
Dr. Web contacted Google shortly after their investigation took place. As of now, the harmful components are partly removed from the apps.
It’s unknown yet if any action will be taken against their authors, as it’s a direct violation of the Google Play rules. But it’s quite probable that painful bans will ensue. Though, PIP Photo is still in its catalogue.
These apps would offer users to log in with their FB account. Then a hidden page would open, hijacking the profile data and transferring it to unknown servers.
Potentially, this would allow e-criminals to not only access the victims’ Facebook profiles, but also steal credentials from other services: mobile banking, messengers, etc. It’s possible via the phishing technique.
For those who might’ve dealt with the any of the apps, it’s recommended to:
- Remove the infected apps.
- Clean the gadget’s cache.
- Update your Android system.
- Change passwords in every service that contains your sensitive data.
And of course, install a mobile antivirus.
Apart from Dr. Web, which has one of the most extensive virus databases, there are also such worthy options as AVG, Norton Mobile Security, Avast Mobile, 360 Security, and others.
Is The Threat Gone?
The incident raises a lot of questions. First, Google Play has a built-in antivirus protection and no app can be published until it’s fully audited. How come these apps managed to sneak in?
Second, if PIP Photo managed to gain 5 million users and became popular, does it mean that other viral or semi-viral apps might be infected with trojans?
One way or another, we recommend you don’t neglect mobile security. Besides, the leading Android antivirus apps offer basic protection for free, which is enough to stay safe.