• Fri. Dec 3rd ,2021

Google removes Facebook login data-stealing apps from the Play Store

By   Sumit Horo

Date: Jul 05, 2021

In its continuing efforts to pull down Android applications that violate privacy policies, Google has reportedly announced that it has removed nine applications from the Play Store directory. Supposedly, the tech giant took this step after reports surfaced about trojans stealing login details of user’s Facebook accounts.

These apps were not difficult to find as the malware had more than 5.8 million downloads collectively and had titles like "Rubbish Cleaner" and "Horoscope Daily" that were easy to identify, reports suggest. Apparently, to extract users’ login details, the app would load the real Facebook sign-in page to trick users into entering their credentials, which, in reality, was a JavaScript from a command-and-control server.

The program would then hijack credentials and pass them to the app, taking them to the command server, as per reports. Reliable sources claim, the trojans were also stealing cookies from the authorization session.

Notably, in each case, Facebook was the target, however, creators of the malware could have easily directed users towards other internet services. Five malware variants were reportedly involved in the mix but all of them were running the same configuration file formats and JavaScript code.

Google stated that it has banned all these app developers from the store. However, the company further added that it was uncertain about the deterrent effect of the ban as perpetrators were likely to create new developer accounts.

The tech giant would supposedly need to screen for the malware itself in order to prevent attackers from using the same. The key question has seemingly been about the way these apps were able to amass so many downloads before they were removed.

According to reports, the firm’s primarily automated screening typically protects the Play Store against a lot of malware. However, in this case, subtle techniques of these rogue apps might have enabled the malware to slip past these barricades, leaving users unaware that their Facebook credentials had fallen into the wrong hands.

Source credits: https://www.engadget.com/google-removes-android-apps-stealing-facebook-passwords-192721252.html

Sumit Horo

Armed with a graduate degree in Visual Communication, Sumit started his career as social media marketing intern along with some freelancing jobs, and then finally decided to take writing seriously. He currently writes articles for xyz.com. When not writing, he can be found sketching or shopping for books.

Related Post

Google, Qualcomm partner on neural networking tech & mobile AI

China’s big tech crackdown: Tencent suspended from updating apps

KAI, Konan Technology to jointly develop AI system for aviation sector