Google removes nine popular apps that stole users’ Facebook passwords

The apps had over 5.8 million combined downloads

Play Store

Google has removed nine popular apps from the Play Store after researchers found that they were stealing Facebook passwords.

The apps had over 5.8 million combined downloads. It’s worth noting that the apps were titled in a way that was easy for them to be found by users.

The nine apps were: Rubbish Cleaner, Inwell Fitness, Horoscope Daily, App Lock Keep, Lockit Master, Horoscope Pi and App Lock Manager.

The apps tricked users by loading a legitimate Facebook sign-in page, but then also loaded JavaScript to hijack credentials. They also stole cookies from the authorization session.

Further, researchers identified five malware variants stashed inside the apps but all of them used the same format to swipe details.

A Google spokesperson told Ars Technica that the tech giant has banned all the developers of the nine apps to prevent them from being allowed to submit new apps. Unfortunately, this may not be much of a deterrent as they can simply create new developer accounts.

Users who may have downloaded one of the apps should examine their Facebook accounts for any signs of suspicious activity.

Source: Ars Technica

MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.

Related Articles