- Most of these trojan apps offered photo editing and app lock features.
- These apps asked users to sign in with Facebook to unlock features and disable in-app advertisements.
- If you used these apps and logged in with your Facebook account, you may want to change your passwords now.
Security firm Doctor Web has published a report that identifies these 9 trojan apps which offered photo editing and app lock features. All these apps were found on the Google Play store, amassing nearly 6 million downloads amongst themselves.
The report goes on to add that Google had only removed some of these apps from the Play store, as of July 1, 2021, when the report went live.
PIP Photo app was the most downloaded among these apps, with 5 million downloads of its own.
How did these apps steal Facebook passwords?
All the apps mentioned in the report offered real features, causing the unsuspecting users to trust them. They even allowed users to unlock more features and disable in-app advertisements by logging into their Facebook accounts.
These apps exploited the widespread use of Google and Facebook login – something that is offered by many apps and games – to steal passwords of unsuspecting users.
The research firm describes the exploit mechanism below:
“After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView.
Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials.
After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server.
After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals.”
Here are the trojan apps mentioned in the report
If you have any of these apps installed on your phone, you may want to uninstall them:
- PIP Photo
- Processing Photo
- Rubbish Cleaner
- Horoscope Daily
- App Lock Keep
- Lockit Master
- Horoscope Pi
- App Lock Manager
- Inwell Fitness
In case you downloaded these apps and used the Facebook login option, it is recommended that you unauthorize these apps from your Facebook account and change your password.
SEE ALSO:
A COVID-19 SMS malware is targeting users in India as they look for alternatives to CoWIN for vaccine registration
A fake coronavirus tracking app is actually ransomware that threatens to leak social media accounts and delete a phone's storage unless a victim pays $100 in bitcoin
Hackers are using these fake coronavirus maps to give people malware