Explorer

Here Are 9 Commonly-Used Apps That Stole Users' Facebook Password; Know What You Need To Do

These harmless-looking apps have been discreetly stealing users' Facebook account passwords. Know which apps have been exposed and what users need to do now.

New Delhi: Google keeps monitoring Android apps for any threat they may pose to users' data security. Even though several apps are routinely deleted on Play Store over the security concerns, more such platforms infringing on users' privacy keep cropping up.

According to a new research report, Android apps that have more than 5.8 million downloads on the Google Play store have been found prying on users’ Facebook passwords.

Security firm Doctor Web has published a report wherein it informed about 9 trojan apps that offer commonly-used photo editing and app lock features while discreetly stealing users' Facebook passwords.

ALSO READ | Twitter Failed To Comply With New IT Rules Leading To Loss Of Immunity: Centre Tells Delhi HC

All these apps found on the Google Play store have nearly 6 million downloads. Google removed some of these apps from the Play store, as of July 1, 2021, when the report was published, it claims.

Among these, the PIP Photo app was the most downloaded as it had 5 million downloads of its own.

Here are the trojan apps that you need to uninstall:

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Horoscope Daily
  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App Lock Manager
  • Inwell Fitness

How do apps steal Facebook passwords?

These harmless-looking apps give users the option to unlock more features and disable in-app advertisements by logging into their Facebook accounts and then the Google and Facebook login option is misused to steal passwords of unsuspecting users.

Here's how the research firm described their method of operation: “After receiving the necessary settings from one of the C&C servers upon launch, they loaded the legitimate Facebook web page https://www.facebook.com/login.php into WebView. Next, they loaded JavaScript received from the C&C server into the same WebView. This script was directly used to hijack the entered login credentials".

"After that, this JavaScript, using the methods provided through the JavascriptInterface annotation, passed the stolen login and password to the trojan applications, which then transferred the data to the attackers’ C&C server. After the victim logged into their account, the trojans also stole cookies from the current authorization session. Those cookies were also sent to cybercriminals,” the report adds.

What to do if apps are installed?

Google has removed all of these apps from the Play Store and has reportedly banned their developers from submitting any new apps.

Users who have these apps downloaded on their devices and especially those who used the Facebook login option are recommended to revoke the permission given to these apps from accessing your Facebook account. Users should change their Facebook account password as well besides uninstalling such apps.

View More
Advertisement
Advertisement
25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Advertisement

Top Headline

Kejriwal To Stay Delhi CM From Jail As High Court Finds 'No Legal Bar,' Ball In LG's Court Now
Kejriwal To Stay Delhi CM From Jail As High Court Finds 'No Legal Bar,' Ball In LG's Court Now
'No Court Has Proved Me Guilty': Arvind Kejriwal Thanks ED Officers, Addresses Court Personally
'No Court Has Proved Me Guilty': Arvind Kejriwal Thanks ED Officers, Addresses Court Personally
Another Setback For Congress As Delhi HC Rejects Plea Against Income Tax Case
Another Setback For Congress As Delhi HC Rejects Plea Against Income Tax Case
ED Raids Relative Of Arvind Kejriwal's Wife In Old FEMA Case
ED Raids Relative Of Arvind Kejriwal's Wife In Old FEMA Case
Advertisement
for smartphones
and tablets

Videos

Bihar Lok Sabha Polls 2024: ABP Exclusive With Papu Yadav, MP No Longer Contesting From PurniaVarun Gandhi Pens Emotional Letter To Pilibhit After Being Denied, Says 'Mai Aapka Hu Aur Rahunga'Delhi Excise Policy Case: With CM Arvind Kejriwal's Arrest, Who Will Run The State | Watch ReportLok Sabha Elections 2024: 'BJP Just Wants To Break The Aam Aadmi Party' says Saurabh Bhardwaj

Photogallery

Embed widget