Google removes nine popular Android apps from Play Store for ‘stealing’ Facebook login details

July 06, 2021 6:25 PM

The apps tricked users by loading the real Facebook sign-in page and then loading JavaScript from a command and control server that hijacked the credentials.


Google Play Store: Search engine giant Google is working to pull Android apps that commit major privacy violations, and reports now say the company has removed as many as nine apps from the Google Play Store. Dr. Web analysts discovered that these apps were trojans stealing Facebook login details, and they did not even have obscure titles. They had commonplace, easy-to-find titles like Horoscope Daily and Rubbish Cleaner, and combined, these malicious apps had more than 5.8 million downloads.


The apps tricked users by loading the real Facebook sign-in page and then loading JavaScript from a command and control server that hijacked the credentials. The credentials were passed along to the app and then to the command server, and the app also stole the cookies from the authorisation session. While the apps targeted Facebook each time, the creators could just as easily have used the same process against any other internet service. The apps used five variants of the malware, but the JavaScript code and the configuration file formats used for stealing the information were the same for all of them.

The tech giant has said that it has banned the developers of all of these apps from the Play Store, though the ban is not likely to pose much of an issue for the creators behind the malware, because they can very easily make a new developer account. To keep the attackers out of the Play Store, Google might need to take out the big guns and screen for the malware itself.

The cause for concern, however, is the volume of downloads these apps managed to muster before Google was able to get its hands on them. While the search engine giant has put some automated screening processes in place to filter out malware, the processes are subtle, and these apps might therefore have been able to sidestep the defences.
