• Sat. Mar 2nd ,2024

Google removes Facebook login data-stealing apps from the Play Store


By   Sumit Horo

Date: Jul 05, 2021

In its continuing efforts to pull down Android applications that violate privacy policies, Google has reportedly announced that it has removed nine applications from the Play Store directory. Supposedly, the tech giant took this step after reports surfaced about trojans stealing login details of user’s Facebook accounts.

These apps were not difficult to find as the malware had more than 5.8 million downloads collectively and had titles like "Rubbish Cleaner" and "Horoscope Daily" that were easy to identify, reports suggest. Apparently, to extract users’ login details, the app would load the real Facebook sign-in page to trick users into entering their credentials, which, in reality, was a JavaScript from a command-and-control server.

The program would then hijack credentials and pass them to the app, taking them to the command server, as per reports. Reliable sources claim, the trojans were also stealing cookies from the authorization session.

Notably, in each case, Facebook was the target, however, creators of the malware could have easily directed users towards other internet services. Five malware variants were reportedly involved in the mix but all of them were running the same configuration file formats and JavaScript code.

Google stated that it has banned all these app developers from the store. However, the company further added that it was uncertain about the deterrent effect of the ban as perpetrators were likely to create new developer accounts.

The tech giant would supposedly need to screen for the malware itself in order to prevent attackers from using the same. The key question has seemingly been about the way these apps were able to amass so many downloads before they were removed.

According to reports, the firm’s primarily automated screening typically protects the Play Store against a lot of malware. However, in this case, subtle techniques of these rogue apps might have enabled the malware to slip past these barricades, leaving users unaware that their Facebook credentials had fallen into the wrong hands.

Source credits: https://www.engadget.com/google-removes-android-apps-stealing-facebook-passwords-192721252.html


Sumit Horo

Armed with a graduate degree in Visual Communication, Sumit started his career as social media marketing intern along with some freelancing jobs, and then finally decided to take writing seriously. He currently writes articles for littlesaigoncollective.com. When not writing, he can be found sketching or shopping for books.

Related Post

US chipmaker Intel debuts latest Arc series graphics for laptops

Date: Jul 05, 2021 Sumit Horo

Electrify America to launch ‘human-centered’ EV charging stations

Date: Jul 05, 2021 Sumit Horo

South Korea approves emergency use of anti-COVID-19 pill, Lagevrio

Date: Jul 05, 2021 Sumit Horo