Google removes popular Android apps that stole Facebook passwords


Google remains to be racing to drag Android apps that commit main privateness violations. Ars Technica notes that Google has eliminated 9 apps from the Play Store after Dr. Web analysts discovered they had been trojans stealing Facebook login particulars. These weren’t obscure titles — the malware had over 5.8 million mixed downloads and posed as easy-to-find titles like “Horoscope Daily” and “Rubbish Cleaner.”

The apps tricked customers by loading the actual Facebook sign-in web page, solely to load JavaScript from a command and management server to “hijack” credentials and move them alongside to the app (and thus the command server). They would additionally steal cookies from the authorization session. Facebook was the goal in every case, however the creators may simply have simply steered customers towards different web providers.

There had been 5 malware variants within the combine, however all of them used the identical JavaScript code and configuration file codecs to swipe info.

Google instructed Ars it banned all of the app builders from the shop, though that may not be a lot of a deterrent when the perpetrators can doubtless create new developer accounts. Google could have to display for the malware itself to maintain the attackers out.

The question, after all, is how the apps racked up as many downloads as they did earlier than the takedown. Google’s largely automated screening retains quite a lot of malware out of the Play Store, however the subtlety of the method might need helped the rogue apps slip previous these defenses and go away victims unaware that their Facebook information fell into the unsuitable arms. Whatever the trigger, it is protected to say that you ought to be cautious about downloading utilities from unknown builders regardless of how popular they appear.

All merchandise really helpful by Engadget are chosen by our editorial workforce, unbiased of our guardian company. Some of our tales embody affiliate hyperlinks. If you purchase one thing by certainly one of these hyperlinks, we could earn an affiliate fee.


Please enter your comment!
Please enter your name here