Explorer

Here Are 9 Commonly-Used Apps That Stole Users' Facebook Password; Know What You Need To Do

These harmless-looking apps have been discreetly stealing users' Facebook account passwords. Know which apps have been exposed and what users need to do now.

New Delhi: Google keeps monitoring Android apps for any threat they may pose to users' data security. Even though several apps are routinely deleted on Play Store over the security concerns, more such platforms infringing on users' privacy keep cropping up.

According to a new research report, Android apps that have more than 5.8 million downloads on the Google Play store have been found prying on users’ Facebook passwords.

Security firm Doctor Web has published a report wherein it informed about 9 trojan apps that offer commonly-used photo editing and app lock features while discreetly stealing users' Facebook passwords.

ALSO READ | Twitter Failed To Comply With New IT Rules Leading To Loss Of Immunity: Centre Tells Delhi HC

All these apps found on the Google Play store have nearly 6 million downloads. Google removed some of these apps from the Play store, as of July 1, 2021, when the report was published, it claims.

Among these, the PIP Photo app was the most downloaded as it had 5 million downloads of its own.

Here are the trojan apps that you need to uninstall:

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Horoscope Daily
  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App Lock Manager
  • Inwell Fitness

How do apps steal Facebook passwords?

These harmless-looking apps give users the option to unlock more features and disable in-app advertisements by logging into their Facebook accounts and then the Google and Facebook login option is misused to steal passwords of unsuspecting users.

Here's how the research firm described their method of operation: “After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials".

"After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals,” the report adds.

What to do if apps are installed?

Google has removed all of these apps from the Play Store and has reportedly banned their developers from submitting any new apps.

Users who have these apps downloaded on their devices and especially those who used the Facebook login option are recommended to revoke the permission given to these apps from accessing your Facebook account. Users should change their Facebook account password as well besides uninstalling such apps.

Top Headlines

Dreame L50s Pro Ultra Review: The Ferrari That Replaced The Rolls-Royce
Dreame L50s Pro Ultra Review: The Ferrari That Replaced The Rolls-Royce
Centre Issues Notice To Telegram, Directs Immediate Take Down Of Pirated Films, OTT Content
Centre Issues Notice To Telegram, Directs Immediate Take Down Of Pirated Films, OTT Content
Ashwini Vaishnaw Directs MeitY To Summon Meta Over Instagram Ads 'Promoting' Child Sexual Abuse Material
Meta Under Govt Scanner Over Instagram Ads 'Promoting' Child Sexual Abuse Material
WhatsApp Just Made Setting Up On An Android Tablet A Lot Simpler
WhatsApp Just Made Setting Up On An Android Tablet A Lot Simpler

Videos

BREAKING: Tehran reports show large crowds and chants during funeral coverage of Khamenei eventLIVE
Breaking: Ayodhya Ram Mandir Trust meeting agenda to review resignations amid donation theft probe reports live
BREAKING: Madhya Pradesh and Gujarat floods disrupt life as heavy rains submerge cities live today
BREAKING: Tehran mass mourning reports show chants and crowds during Khamenei farewell coverage live
Breaking: Tehran sees massive crowds and anti-US chants during reported Khamenei farewell coverage live

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget