Tuesday, March 25, 2025

Beware!! 5.8 Million Times Downloaded Android App Steals Facebook Passwords


It seems that the drastic wave of cyberattacks has not yet taught users to improve their security habits, as many of them still reuse common and compromised credentials across several services and apps.

Now many of you might be thinking, why? It's convenient to use the same credentials on multiple apps and services, because you don't have to remember different credentials for each of them.

And this is where hackers come in: they mainly target the credentials of users' primary social network accounts, and then aim to hack other accounts that use those same credentials.

App usage has risen dramatically, since it is now normal to download apps for almost all daily tasks, such as online shopping, social networking, email, editing, and banking.

Apps Request Access to Facebook

Security analysts at Doctor Web analyzed these apps and, during their investigation, identified 10 malicious applications on Google Play that have stolen the Facebook credentials of all their users.

But what about security and privacy? Not all apps are secure: many ask for access to the Facebook account, and in some cases even ask users to enter their Facebook credentials.

New Technique to Steal Facebook Credentials

To steal Facebook credentials, the cybercriminals used trojans, which do so while users create their profiles in the apps by linking their Facebook accounts.

Apart from this, they also steal Facebook credentials by luring users with an offer of an ad-free UI in exchange for access to the Facebook account. In most cases, users agree to the terms and link their Facebook account to remove the annoying ads.

The operators of these malicious apps carry out the theft by loading malicious JavaScript that is capable of stealing the users' Facebook login credentials.

Once the credentials are captured, the malicious script sends them to a server controlled by the threat actors. The operators of these apps load the legitimate Facebook web page “www[.]facebook[.]com/login[.]php” into WebView.

Not only that, the experts have also claimed that the trojans used by the threat actors are equally able to steal the cookies of the current authorization session.
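For reviewers vetting an app, the behaviour described above leaves a recognisable combination of calls in decompiled sources. The following triage sketch is an added example, not Doctor Web's detection logic: the indicator weights, the threshold, and both sample snippets are constructed assumptions, while the matched calls are standard Android WebView and CookieManager APIs.

```python
import re

# Indicators to look for in decompiled Java/Kotlin sources.
# The calls are real Android APIs; the weights are assumptions of this example.
INDICATORS = {
    "fb_login_in_webview": (
        re.compile(r'loadUrl\(\s*"https?://(?:www|m)\.facebook\.com/login', re.I), 3),
    "js_enabled": (re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'), 1),
    "script_injected": (
        re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:'), 2),
    "cookie_read": (re.compile(r'CookieManager\b.*\.getCookie\('), 2),
}
THRESHOLD = 5  # assumed cut-off: login page in a WebView plus script or cookie access


def triage(source: str) -> dict:
    """Return matched indicators, total score and a verdict for one source file."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(source)]
    score = sum(INDICATORS[name][1] for name in hits)
    # Require the login URL: ordinary hybrid apps use the other calls legitimately.
    suspicious = "fb_login_in_webview" in hits and score >= THRESHOLD
    return {"hits": hits, "score": score, "suspicious": suspicious}


# Constructed sample: the real login page in a WebView, extra script, cookie read.
SAMPLE_FLAGGED = '''
WebView w = new WebView(this);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://www.facebook.com/login.php");
w.evaluateJavascript(remoteScript, null);
String c = CookieManager.getInstance().getCookie("https://www.facebook.com");
'''

# Constructed sample: a help page in a WebView and login through the Facebook SDK.
SAMPLE_BENIGN = '''
WebView help = new WebView(this);
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://example.com/help");
LoginManager.getInstance().logInWithReadPermissions(this, Arrays.asList("public_profile"));
'''

if __name__ == "__main__":
    for label, src in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, triage(src))
```

A hit is a reason to review the file by hand, not a verdict; obfuscated or dynamically loaded code will not match these patterns.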

List of apps

Below we list all the malicious apps with their key details:

  1. App Lock Keep, from Sheralaw Rence with more than 50,000 downloads and detected as Android.PWS.Facebook.13.
  2. App Lock Manager, from Implummet col with more than 10,000 downloads and detected as Android.PWS.Facebook.13.
  3. Lockit Master, from Enali mchicolo with more than 5,000 downloads and detected as Android.PWS.Facebook.13.
  4. Horoscope Daily, from HscopeDaily momo with more than 100,000 downloads and detected as Android.PWS.Facebook.13.
  5. Horoscope Pi, from Talleyr Shauna with more than 1,000 downloads and detected as Android.PWS.Facebook.13.
  6. Inwell Fitness, from Reuben Germaine with more than 100,000 downloads and detected as Android.PWS.Facebook.14.
  7. PIP Photo, from Lillians with more than 5 million downloads and detected as Android.PWS.Facebook.17 and Android.PWS.Facebook.18, since it has several versions.
  8. Processing Photo, from chikumburahamilton with more than 500,000 downloads and detected as Android.PWS.Facebook.13.
  9. Rubbish Cleaner, from SNT.rbcl with more than 100,000 downloads and detected as Android.PWS.Facebook.13.
  10. EditorPhotoPip, this app has been removed by Google from Google Play, and it's detected as Android.PWS.Facebook.15.

Google’s Response & Recommendation

After identifying these apps, the security experts of Doctor Web immediately notified Google about them. In terms of response, we must say that Google was quick to take action against these malicious apps.

After being notified, Google removed all these malicious applications from the Google Play Store, but the fact is that this action would not fix the issue completely.

The problem remains for users who have already installed these apps and are using them on their Android devices.

So, in this case, the experts have strongly recommended that all users who installed these applications uninstall or remove them from their devices.

They have also recommended that users immediately change their Facebook login credentials, or else their accounts will be abused.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
