Explorer

Here Are 9 Commonly-Used Apps That Stole Users' Facebook Password; Know What You Need To Do

These harmless-looking apps have been discreetly stealing users' Facebook account passwords. Know which apps have been exposed and what users need to do now.

New Delhi: Google keeps monitoring Android apps for any threat they may pose to users' data security. Even though several apps are routinely deleted on Play Store over the security concerns, more such platforms infringing on users' privacy keep cropping up.

According to a new research report, Android apps that have more than 5.8 million downloads on the Google Play store have been found prying on users’ Facebook passwords.

Security firm Doctor Web has published a report wherein it informed about 9 trojan apps that offer commonly-used photo editing and app lock features while discreetly stealing users' Facebook passwords.

ALSO READ | Twitter Failed To Comply With New IT Rules Leading To Loss Of Immunity: Centre Tells Delhi HC

All these apps found on the Google Play store have nearly 6 million downloads. Google removed some of these apps from the Play store, as of July 1, 2021, when the report was published, it claims.

Among these, the PIP Photo app was the most downloaded as it had 5 million downloads of its own.

Here are the trojan apps that you need to uninstall:

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Horoscope Daily
  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App Lock Manager
  • Inwell Fitness

How do apps steal Facebook passwords?

These harmless-looking apps give users the option to unlock more features and disable in-app advertisements by logging into their Facebook accounts and then the Google and Facebook login option is misused to steal passwords of unsuspecting users.

Here's how the research firm described their method of operation: “After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials".

"After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals,” the report adds.

What to do if apps are installed?

Google has removed all of these apps from the Play Store and has reportedly banned their developers from submitting any new apps.

Users who have these apps downloaded on their devices and especially those who used the Facebook login option are recommended to revoke the permission given to these apps from accessing your Facebook account. Users should change their Facebook account password as well besides uninstalling such apps.

Top Headlines

Centre Issues Notice To Meta Over WhatsApp Usernames Roll-Out, Seeks Reply In 3 Days
Centre Issues Notice To Meta Over WhatsApp Usernames Roll-Out, Seeks Reply In 3 Days
EXCLUSIVE | Asus Is Betting India's Next PC User Won't Buy A 'Regular' Laptop
Asus Is Betting India's Next PC User Won't Buy A 'Regular' Laptop
Centre To Examine WhatsApp User ID Feature Over Fraud Concerns
Centre To Examine WhatsApp User ID Feature Over Fraud Concerns
Why Smart Indian Investors Are Betting On AI, Space, And Global ETFs
From AI To SpaceX: Why Indian Investors Are Looking Beyond Domestic Markets

Videos

BREAKING: Court Recovery Records Detail Cash, Dollars and Valuables Seized in Ayodhya Temple Case
BREAKING: Exclusive Recovery Records Reveal Major Cash Haul in Ayodhya Temple Offering Theft Case
No Cap With Megha Prasad: Was the Ram Mandir Donation Scandal Suppressed on June 5?
Ram Temple Donation Theft: Biggest Misappropriation Allegedly Took Place During Maha Kumbh, Say Sources
Ram Temple Donation case: Akhilesh Yadav Says ‘Lord Ram Made Me a Medium’ to Raise the Issue

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget