Android App Steals Facebook Passwords

It seems that the drastic wave of cyberattacks has not yet properly able to teach the users to develop their security habits. As there are many users who still use the common and compromised credentials on several services and apps.

Now many of you might be thinking, Why? It’s convenient to use the same credentials on multiple apps and services, as in this case you don’t have to remember different credentials for different services and apps.

And here comes the key roleplay of hackers; they mainly target users’ primary social network accounts credentials, through which they map to hack other accounts using those same credentials.

Usage of apps has seen dramatic heights, since nowadays it is normal to download apps for almost all daily tasks like for online shopping, social networking, email, editing, banking, etc.


Apps Request Access to Facebook

Security analysts of Doctor Web have made a security analysis on these apps, and during their investigation, they identified 10 malicious applications on Google Play that have stolen Facebook credentials of all their users.

But, if we talk about security and privacy? Then let me clarify that not all the apps are secure, since there are many that ask for access to the Facebook account or even in some cases ask the users to put their Facebook credentials.

New Technique to Steal Facebook Credentials

To steal Facebook credentials the cybercriminals used trojans, and they do so while user creates their profile in apps by linking their Facebook account.

Apart from this, they also steal the Facebook credentials by luring the users, and here, they offer ad-free UI in exchange for access to the Facebook account. As in most cases, users agree with their terms to remove the annoying ads by linking their Facebook account.

The operators of these malicious apps simply execute their operation by loading malicious Javascripts that are capable of stealing the users’ Facebook login credentials.

Once they capture the credentials, the malicious script sent those details to the server controlled by the threat actors. And the operators of these apps load the legitimate Facebook web page “www[.]facebook[.]com/login[.]php” into WebView.

Not only that, even the experts have also claimed that the trojans used by the threat actors offer equal abilities to steal current authorization session cookies.

List of apps

Below we have mentioned all the malicious apps with all their key details:-

  1. App Lock Keep, from Sheralaw Rence with more than 50,000 downloads and detected as Android.PWS.Facebook.13.
  2. App Lock Manager, from Implummet col with more than 10,000 downloads and detected as Android.PWS.Facebook.13.
  3. Lockit Master, from Enali mchicolo with more than 5,000 downloads and detected as Android.PWS.Facebook.13.
  4. Horoscope Daily, from HscopeDaily momo with more than 100,000 downloads and detected as Android.PWS.Facebook.13.
  5. Horoscope Pi, from Talleyr Shauna with more than 1,000 downloads and detected as Android.PWS.Facebook.13.
  6. Inwell Fitness, from Reuben Germaine with more than 100,000 downloads and detected as Android.PWS.Facebook.14.
  7. PIP Photo, from Lillians with more than 5 million downloads and detected as Android.PWS.Facebook.17 and Android.PWS.Facebook.18, since it has several versions.
  8. Processing Photo, from chikumburahamilton with more than 500,000 downloads, and detected as Android.PWS.Facebook.13.
  9. Rubbish Cleaner, from SNT.rbcl with more than 100,000 downloads and detected as Android.PWS.Facebook.13.
  10. EditorPhotoPip, this is app is removed by Google from Google Play, and it’s detected as Android.PWS.Facebook.15.

Google’s Response & Recommendation

After identifying these apps the security expert of Doctor Web immediately notified Google about these apps. So, in terms of response, we must say that Google was quick to take action against these malicious apps.

As after getting notified, Google removed all these malicious applications from the Google Play Store, but, the fact is that this action would not fix the issue completely.

This problem will remain the same for the users who have already installed these apps and using them on their Android devices.

So, in this case, the experts have strongly recommended all the users to uninstall or remove all these malicious apps from their devices in case if they installed these applications.

And not only that, even they have also recommended the users to immediately change their Facebook login credentials, or else their accounts will be abused.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Please enter your comment!
Please enter your name here