Google has removed nine apps from the Play Store after they were found to steal users’ Facebook passwords. These nine applications, which together had about 6 million downloads in the Google Play Store, hid Trojans that stole access credentials and passwords for the social network Facebook.
Doctor Web’s malware analysts discovered the Trojan in a total of 10 applications, nine of which were distributed through the Play Store. The titles of the nine apps were:
- Horoscope Daily
- Rubbish Cleaner
- Processing Photo
- App Lock Keep
- Horoscope Pi
- App Lock Manager
- Lockit Master
- Inwell Fitness
- Pip Photo
Unlike other malicious applications, these apps were fully functional and allowed users to carry out the functions that they advertised in their profile on Google Play. They also included a “feature”: users could remove the ads for free simply by logging in to their Facebook accounts.
This step, which did not raise any suspicion for many users, was the moment at which the user’s login data was transferred to a command and control server. In this way the attackers were able to obtain the email addresses and passwords of users’ Facebook accounts.
Google removed the nine applications immediately after receiving the report from the Doctor Web researchers, so it is now impossible to download them from the Play Store. However, some Android users may still have them installed. In this case, it is recommended to uninstall them and change the password of your Facebook account or add two-step verification.