Malware analysts at Doctor Web have discovered a set of nine malicious apps on Google Play that were stealing Facebook users’ logins and passwords. These trojanized apps were impersonating normal software and were downloaded more than 5,856,010 times.
According to the malware analysts, the apps presented themselves as utility apps, for e.g, Horoscope Daily and Rubbish Cleaner. However, the victims were unaware of the fact that they are downloading a malicious app on their devices.
After installation, these apps notify users that to access all functions of the app they must log in to their Facebook accounts. Once logged in, their passwords and usernames are collected.
The ads inside a few of these apps were further used to encourage Android device owners to perform some specific actions.
Hackers collect usernames and passwords to use them later in credential stuffing attacks that could provide access to victims' other accounts.
The apps are detected as Android.PWS.Facebook.13, Android.PWS.Facebook.17, Android.PWS.Facebook.14, and Android.PWS.Facebook.18. All of them use the same code with slight variations.
Other malicious apps
These malicious apps have been removed by Google from the Play Store. However, this is not the first instance of malicious apps making their way into the Google Play Store.
A few days ago, a Chinese ride-hailing app named Didi Chuxing was removed from local app stores. The app was found to be non-compliant with data protection laws.
Last month, Quick Heal discovered a set of eight apps laced with Joker malware. These malicious apps were downloaded 50,000 times on the Play Store.
Malicious apps are getting detected regularly on legitimate app stores, which shows that users can not entirely rely on app stores for ensuring their security. Before and after installing any app, users must stay vigilant for unusual activity and permissions required by the apps.